Restarting firewall service through CLI

I have a RUT955 router with these details:

  • Firmware version: RUT9_R_00.07.06.1
  • Firmware build date: 2024-01-02 11:11:13
  • Internal modem firmware version: SLM750_4.0.6_EQ101
  • Kernel version: 5.4.259

I added a new network in my firewall config file, in config zone 3, as:

```
config zone '3'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option log '0'
	option conntrack '0'
	option network 'wan wan6 mob1s1a1 mob1s2a1 {NAME OF NEW NETWORK}'
```

To apply the changes, I would need to restart the firewall service. I run `/etc/init.d/firewall reload` but I get errors as:

```
root@RUT955:~# /etc/init.d/firewall reload
Warning: Section '3' cannot resolve device of network 'mob1s1a1'
Warning: Section '3' cannot resolve device of network 'mob1s2a1'
Warning: Section '3' cannot resolve device of network 'mob1s1a1'
Warning: Section '3' cannot resolve device of network 'mob1s2a1'
copying config file to /tmp/firewall_old
IPV 4
Table 0
 * Clearing IPv4 filter table
Table 1
 * Clearing IPv4 nat table
Table 2
 * Clearing IPv4 mangle table
Table 3
 * Clearing IPv4 raw table
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'wan' -> 'lan'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 raw table
   * Zone 'lan'
     - Using automatic conntrack helper attachment
   * Zone 'wan'
IPV 5
Table 0
 * Clearing IPv6 filter table
Table 1
Table 2
 * Clearing IPv6 mangle table
Table 3
 * Clearing IPv6 raw table
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'wan' -> 'lan'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 raw table
   * Zone 'lan'
     - Using automatic conntrack helper attachment
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/usr/bin/attack_prevention'
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
root@RUT955:~#
```

There is only one SIM card in the SIM1 slot. I removed it, restarted the router and ran the same command again but got the same error.

I did try to factory reset the router without the SIM card in it, then ran `/etc/init.d/firewall reload`. Still, I got the same problem.

How can I fix this problem?
Is there a way to force the firewall service to close and start again?

Hello,

While I was able to reproduce the warnings, I did not notice any actual errors or issues with the firewall configuration. Could you clarify if you’re having any issues with your custom iptables rules? Or are you concerned about the iptables warnings?
I’m not able to pinpoint where the issue is originating exactly, but it does not appear to have any effect on the functionality of the firewall.

Best regards,

Hi Daumantas,

I don’t have a problem with the iptables rules. I did all of these commands after I factory reset the router and didn’t connect to it with any device through Wi-Fi (my laptop was connected through the cable).

I’m concerned about the warning that shows when I try to restart the firewall service. After I run the reload command, does the firewall service restart? Does that mean these are just logs for making backups or related info about iptables?

I just want to restart the firewall after I add the new zone in it so the changes are saved.

Regards,

Hello,

The firewall is being restarted, and during the reload process it generates the logs about the reload process (similar to rebooting the device), so all of the added rules will be applied as well.
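
To confirm that a reload populated the edited zone despite the warnings, the reload output can be triaged mechanically. The script below is an added example, not code from this thread or from Teltonika; the function names and the abridged sample log are constructed for illustration, and it assumes the straight-quoted output format shown in the question.

```shell
#!/bin/sh
# Added example: triage captured `firewall reload` output (POSIX sh + awk).
# SAMPLE_LOG is constructed, abridged from the log in the question.
SAMPLE_LOG="Warning: Section '3' cannot resolve device of network 'mob1s1a1'
Warning: Section '3' cannot resolve device of network 'mob1s2a1'
Warning: Section '3' cannot resolve device of network 'mob1s1a1'
 * Populating IPv4 filter table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
 * Running script '/usr/bin/attack_prevention'
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?)."

# Networks named in a "cannot resolve device" warning, deduplicated.
unresolved_networks() {
    sed -n "s/^Warning: .* cannot resolve device of network '\([^']*\)'.*/\1/p" |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Zones reported under "Populating <table> table", e.g. "IPv4 filter".
zones_in_table() {
    awk -F "'" -v want="Populating $1 table" '
        /^ \* / { in_table = (index($0, want) > 0) }  # top-level step
        in_table && /^   \* Zone / { out = out (out == "" ? "" : " ") $2 }
        END { print out }'
}

# Number of operations that iptables itself rejected.
iptables_errors() { grep -c '^iptables: ' || true; }

# Print a summary; succeed only if zone $1 was populated in the IPv4
# filter table, whatever warnings were printed.
triage_reload() {
    log=$(cat)
    zones=$(printf '%s\n' "$log" | zones_in_table "IPv4 filter")
    missing=$(printf '%s\n' "$log" | unresolved_networks)
    echo "networks without a device: ${missing:-none}"
    echo "zones in IPv4 filter table: ${zones:-none}"
    echo "iptables errors: $(printf '%s\n' "$log" | iptables_errors)"
    case " $zones " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

printf '%s\n' "$SAMPLE_LOG" | triage_reload wan
```

On the router, live output can be fed in with `/etc/init.d/firewall reload 2>&1 | triage_reload wan`, assuming the firmware's shell provides `awk`, `sed`, `sort` and `tr`.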
