Backup failed: file '/etc/pve/firewall/100.fw' too long - aborting

how long is it? can you post the full backup log as well?
 
Hi, the file is 1409 lines long in 82228 characters because its made only to allow incoming connections to a particular port from Argentina only. I wasn't able to do this any other way but from the VM firewall, I tried datacenter firewall which didn't do anything and PVE firewall only blocks connections to the PVE and not the VMs


Full Log:





Task viewer: Backup

OutputStatus

Stop
INFO: starting new backup job: vzdump 100 105 --quiet 1 --mailto user@domain.com --storage backup-zfs --node server --mode snapshot --mailnotification always --compress gzip
INFO: Starting Backup of VM 100 (qemu)
INFO: status = running
INFO: update VM 100: -lock backup
INFO: VM Name: *REDACTED*
INFO: include disk 'virtio0' 'local-lvm:vm-100-disk-2' 50G
INFO: include disk 'sata0' 'local-lvm:vm-100-disk-1' 80G
INFO: backup mode: snapshot
INFO: ionice priority: 7
ERROR: Backup of VM 100 failed - file '/etc/pve/firewall/100.fw' too long - aborting
INFO: Starting Backup of VM 105 (qemu)
INFO: status = running


Thanks!
 
Last edited:
thanks! the current limit is 32768 bytes, but it's already configurable so should be fixed easily.
 
wait till the fixed package is available in the repositories (or apply the patch manually to /usr/share/perl5/PVE/Tools.pm and reload pvedaemon and pveproxy, if you feel comfortable with that).
 
I'm supposed to open /usr/share/perl5/PVE/Tools.pm and
Remove the lines:

$max = 32768 if !$max;

And add the lines:

# pmxcfs file size limit
$max = 512*1024 if !$max;

Also what about this? Should I do it? why does it change from a to b?
Remove
a/src/PVE/Tools.pm
add
b/src/PVE/Tools.pm
 
I have edit the Tools.pm file by change the $max line described in the patch. Unfortunately, that doesn't work either. The previous error message doesn't appears but the following:

INFO: starting new backup job: vzdump 50102 --compress zstd --storage backup --mode snapshot --remove 0 --node main5
INFO: Starting Backup of VM 50102 (qemu)
INFO: Backup started at 2020-08-16 11:57:10
INFO: status = running
INFO: VM Name: tag2
INFO: include disk 'scsi0' 'backup:50102/vm-50102-disk-0.qcow2' 32G
INFO: backup mode: snapshot
INFO: ionice priority: 7
INFO: snapshots found (not included into backup)
INFO: creating vzdump archive '/mnt/pve/backup/dump/vzdump-qemu-50102-2020_08_16-11_57_09.vma.zst'
ERROR: unable to add /mnt/pve/backup/dump/vzdump-qemu-50102-2020_08_16-11_57_09.tmp/qemu-server.fw config data to vma archive
ERROR: Backup of VM 50102 failed - unable to add /mnt/pve/backup/dump/vzdump-qemu-50102-2020_08_16-11_57_09.tmp/qemu-server.fw config data to vma archive
INFO: Failed at 2020-08-16 11:57:10
INFO: Backup job finished with errors
TASK ERROR: job errors

So it seems there is another bug to solve. please let me know if there is a solution provided.

Thanks,

Chriss
 
Thanks Fabian, I really hope this can get fixed sometime as it's depriving us of a very important security feature. One could argue that the same results can be achieved by external firewalls or by routing traffic to the vms using another vm with pfsense but I really think it would be great to be able to get the same results natively which would be a lot easier.

Thanks, I have nothing else to add I'll keep monitoring this in case it gets fixed :)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!