pve-firewall: status update error: unable to apply firewall changes

A

Afox

Renowned Member
Dec 18, 2014
257
12
83
hello,

i get this error every 10 seconds in syslog of Proxmox webinterface. Can you please tell me how to find out what´s wrong?

Thanks in advance,

Afox
 
Last edited:
hello, meanwhile i did this: restarted the node, restarted pve-firewall service, checked host.fw, cluster.fw and all ID.fw of the VMs for typo and consistence. Nothing (yet). I don´t get this..

Is there any way to check which rule could cause the error and get more detailed log?
 
Hello.
I get the same errors,

Dec 15 11:29:05 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:29:15 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:29:25 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:29:35 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:29:45 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:29:55 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:30:05 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:30:15 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:30:25 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:30:35 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:30:45 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes
Dec 15 11:30:55 cp-node2 pve-firewall[1545]: status update error: unable to apply firewall changes

Firewall works, but these errors confuse me.
Did anyone solved that problem?

Regards.
 
can you reproduce when this error started? my syslog contains it for more than 7 days so i can´t reproduce the beginning.

Also I am interested if you manually changed iptables somewhere? I did few times but as mentioned above I restarted the Node for clearing.
 
Afox said:
can you reproduce when this error started? my syslog contains it for more than 7 days so i can´t reproduce the beginning.

Also I am interested if you manually changed iptables somewhere? I did few times but as mentioned above I restarted the Node for clearing.
Click to expand...

Of course. Simply enable/disable firewall for the specific node.
After disabling the firewall, the errors disappear.
 
Not for me, my webinterface crashes when disabling the firewall and the only way to login was via ipmi...
the error is still there. currently I use Proxmox 3.4-11
 
Same issue here and all I did was enable the firewall for the first time. I also notice that the firewall is not working as I tested by using allow as a default and only setup port 22 to block. I can get to port 22 fine externally.
 
Check names of Security Groups.
I had names with "-" symbol and same flood in syslog. After rename groups and reapply their on VMs problem was solved.
 
  • Like
Reactions: Afox
Today I upgraded my boxes to the latest version of Proxmox (pve-manager/5.4-5/c6fdb264 (running kernel: 4.15.18-13-pve)) and I got this error:

Code: 
May  1 11:25:06 proxmox-node-1 pve-firewall[2565]: status update error: unable to apply firewall changes
May  1 11:25:16 proxmox-node-1 pve-firewall[2565]: status update error: unable to apply firewall changes

It is strange that I got this only on one of the nodes, the other node works like a charm. The node which generates these errors, acts as slave node on the cluster.

I tried to disable/enable the firewall, without success. The error still persists.
I also checked the security groups, but there is no security group with - dash character in their names. I have rules with _ in their names if this can be the problem.

So, can somebody help me to resolve this? I can attach any log if it's needed.
Thanks in advance.
 
Maybe
kristian.kirilov said:
Today I upgraded my boxes to the latest version of Proxmox (pve-manager/5.4-5/c6fdb264 (running kernel: 4.15.18-13-pve)) and I got this error:

Code: 
May  1 11:25:06 proxmox-node-1 pve-firewall[2565]: status update error: unable to apply firewall changes
May  1 11:25:16 proxmox-node-1 pve-firewall[2565]: status update error: unable to apply firewall changes

It is strange that I got this only on one of the nodes, the other node works like a charm. The node which generates these errors, acts as slave node on the cluster.

I tried to disable/enable the firewall, without success. The error still persists.
I also checked the security groups, but there is no security group with - dash character in their names. I have rules with _ in their names if this can be the problem.

So, can somebody help me to resolve this? I can attach any log if it's needed.
Thanks in advance.
Click to expand...

maybe could it be related to new arp filter. can you try to disable ebtables in datacenter options ?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back