[SOLVED] Overwriting host.fw removes all rules (at least in UI)

[c.weilguny]

Hi Forum,

I configure/setup a Proxmox node using Ansible. When I copy a host.fw file to /etc/pve/nodes/<hostname>/host.fw, all rules are gone in the UI. I need to add them again in the UI. Also restarting pve-firewall on that node doesn't change anything. If I do manual changes within the shell (edit the file, add a line), the changes is reflected also in the UI. Whatever ansible does, it makes the node loose the rules, at least in the UI. I even copied the contents of the file to the file copied by Ansible to avoid typos, and of course I set the permissions to 0640/root:www-data, just like they are after I change rules in the UI.

Do I need to reload something? Is it a security mechanism?

Cheers, Chris

 

[Moayad]

hi,

May you try to reload the pve-firewall service? `systemctl reload pve-firewall.service`

 

[c.weilguny]

I reloaded and even restartet the service, nothing changed.

 

[Moayad]

Hi,

May you try to md5sum after you edited the "host.fw" manually and the generated/copied file by Ansible?

 

[c.weilguny]

The md5 sums were different. "Visible" contents were the same (compared in the IDE with the compare function and simply on text-compare.com). So I played around with line endings, trailing blank lines, and ... the culprit enters the stage accompanied by some cruel sound effects ... character encoding. My Jetbrains IDE adds a UTF-8 BOM in the files. If there is a BOM, rules don't show. If I remove the BOM, they work.

If this is a bug, a feature or "works as expected" - I don't know At least it works now! Thanks for pointing me in the right direction!

 

[Moayad]

Glad to read that you fix the issue yourself!

I will go ahead and set your thread as [SOLVED] to help other people who have a similar issue.