I'm a doofus and I broke my firewall...

Started by Ed V., November 23, 2024, 11:48:35 PM

Not sure if anyone can help, but I screwed up and thought I'd try Zenarmor.

Unfortunately, I didn't read far enough into the "gotchas" to discover that turning on checksum offloading is a "Bad Idea (tm)" with Zenarmor.

Now my firewall is stuck with no WebUI, no SSH and no Serial/TTY console (spamming the "drop mbuf that needs checksum offload" message).

I built a NomadBSD USB and can mount up the correct partition - but can't find where the config files live to either:

1) Turn checksum offload "Off"
-or-
2) Disable Zenarmor so the WebUI starts and I can change the checksum offload there

Can anyone point me in the right direction?

Or have I just blown up my firewall and need to re-image from bare metal?


Also, you can find the most recent version(s) of your config under /conf/backup/config-*.xml. Just list them sorted by time ("ls -laot /conf/backup") and take the last backup before you borked it.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+

I had spotted the other thread, but when I checked the file I found:

```
# grep offloading /conf/config.xml
    <disablechecksumoffloading>1</disablechecksumoffloading>
    <disablesegmentationoffloading>1</disablesegmentationoffloading>
    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
```


The natives were getting restless in the household, so I girded my loins and moved the `eastpect` file out of `/usr/local/etc/rc.d`.

That worked and the WebUI came up on reboot.

Oddly, when I checked the system config I noticed that all the "offload" boxes were UNchecked.

Moving the `eastpect` file back where it started and rebooting worked as I would have expected before this evolution. WebUI, SSH, etc. working.

Checking those boxes didn't change anything in the `/conf/config.xml` file, so maybe that's controlled/set somewhere else these days?

At any rate, I'm back up and running and managed to remove Zenarmor (it didn't work since it's missing the database).

Thanks for the pointers, it got me moving (even if I had a flop-sweat moment moving files around).
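
The backup check suggested in the thread, as an added example that is not part of any post above and is not OPNsense code: a small `sh` script for use from rescue media that prints the three offload flags for `/conf/config.xml` and every `/conf/backup/config-*.xml`, newest first, and names the newest backup that still has checksum offload disabled. The function names, the mount point passed as `$1` and the reading of a value of `1` as "offload disabled" are assumptions; the sample tree is constructed.

```shell
#!/bin/sh
# Added example: $1 is wherever the rescue system mounted the firewall root.

# Print the value of <tag>...</tag> in a config file, or "unset" if absent.
flag_value() {
    v=$(sed -n "s:.*<$2>\(.*\)</$2>.*:\1:p" "$1" | head -n 1)
    echo "${v:-unset}"
}

# One line per file with the three offload flags quoted in the thread.
offload_summary() {
    printf '%s csum=%s tso=%s lro=%s\n' "$(basename "$1")" \
        "$(flag_value "$1" disablechecksumoffloading)" \
        "$(flag_value "$1" disablesegmentationoffloading)" \
        "$(flag_value "$1" disablelargereceiveoffloading)"
}

# Live config first, then the backups newest first (by modification time).
audit_root() {
    offload_summary "$1/conf/config.xml"
    ls -t "$1"/conf/backup/config-*.xml 2>/dev/null | while read -r f; do
        offload_summary "$f"
    done
}

# Newest backup that still has checksum offload disabled (assumption: value 1).
last_good_backup() {
    ls -t "$1"/conf/backup/config-*.xml 2>/dev/null | while read -r f; do
        if [ "$(flag_value "$f" disablechecksumoffloading)" = 1 ]; then
            echo "$f"; break
        fi
    done
}

# Build a constructed sample tree (not real firewall data) and print its path.
make_sample_root() {
    r=$(mktemp -d) && mkdir -p "$r/conf/backup"
    on='    <disablechecksumoffloading>1</disablechecksumoffloading>'
    printf '<system>\n%s\n</system>\n' "$on" > "$r/conf/backup/config-1000.xml"
    printf '<system>\n%s\n</system>\n' "$on" > "$r/conf/backup/config-2000.xml"
    printf '<system>\n</system>\n' > "$r/conf/backup/config-3000.xml"
    cp "$r/conf/backup/config-3000.xml" "$r/conf/config.xml"
    touch -t 202411230900 "$r/conf/backup/config-1000.xml"
    touch -t 202411231000 "$r/conf/backup/config-2000.xml"
    touch -t 202411231100 "$r/conf/backup/config-3000.xml"
    echo "$r"
}

if [ -n "${1:-}" ]; then audit_root "$1"; last_good_backup "$1"; fi
```

Copy the file it names over `conf/config.xml` only after keeping a copy of the current one, since the script only reads and never restores anything itself.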