
Conntrack settings are not applied properly
Open, Normal, Public, BUG

Description

In equuleus we have two configuration scripts that control the same conntrack settings:

  1. firewall.init service that creates base structures for a firewall. It also enables NAT helpers and configures conntrack table settings.
  2. conntrack.py that controls all the conntrack-related settings.

If both are configured, conntrack.py takes precedence and overrides the default settings configured by firewall.init. But if conntrack settings are completely removed from the configuration file, the settings created by firewall.init remain in effect after a system start.

This breaks CLI configuration. For example, in this situation, NAT helpers will be loaded, even if according to CLI they should not be active.

Conntrack settings should be removed from firewall.init to fix this issue.

Details

Difficulty level: Normal (likely a few hours)
Version: 1.3.2
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)
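
A check for the symptom described above, as an added example that is not part of the original report or of VyOS code: it reports conntrack/NAT helper modules that are loaded in the kernel but missing from the set the operator intends to have active. The helper protocol list, the function names and the sample `/proc/modules` text are assumptions constructed for illustration.

```python
"""Compare loaded conntrack/NAT helper modules with the intended set."""
from pathlib import Path

# Assumption: protocol suffixes of mainline Linux helper modules,
# loaded as nf_conntrack_<proto> and, where NAT applies, nf_nat_<proto>.
HELPER_PROTOCOLS = {"ftp", "tftp", "sip", "h323", "pptp", "irc",
                    "amanda", "netbios_ns", "snmp", "sane"}
PREFIXES = ("nf_conntrack_", "nf_nat_")


def loaded_helpers(proc_modules_text):
    """Return helper module names found in /proc/modules-format text."""
    found = set()
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        name = fields[0]  # first column is the module name
        for prefix in PREFIXES:
            # Exact suffix match, so nf_conntrack_netlink or nf_nat
            # itself are not mistaken for protocol helpers.
            if name.startswith(prefix) and name[len(prefix):] in HELPER_PROTOCOLS:
                found.add(name)
    return found


def unexpected_helpers(proc_modules_text, intended):
    """Helpers that are loaded although the configuration does not ask for them."""
    return sorted(loaded_helpers(proc_modules_text) - set(intended))


# Constructed sample in /proc/modules format (not taken from a real system).
SAMPLE = """\
nf_nat_ftp 16384 0 - Live 0x0000000000000000
nf_conntrack_ftp 24576 1 nf_nat_ftp, Live 0x0000000000000000
nf_conntrack_sip 40960 0 - Live 0x0000000000000000
nf_conntrack_netlink 49152 0 - Live 0x0000000000000000
nf_nat 49152 1 nf_nat_ftp, Live 0x0000000000000000
nf_conntrack 172032 4 nf_nat_ftp,nf_conntrack_ftp,nf_conntrack_sip,nf_nat, Live 0x0000000000000000
"""

if __name__ == "__main__":
    proc = Path("/proc/modules")
    text = proc.read_text() if proc.exists() else SAMPLE
    # Empty intended set: the case where conntrack settings were removed from the CLI.
    for module in unexpected_helpers(text, intended=set()):
        print("loaded but not configured:", module)
```

Run it after a reboot with the conntrack section removed from the configuration; any output means helpers were loaded by something other than the CLI-driven settings.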