Disable Firewall support in connman

2015-06-18 Thread Vidhya Govindan
Hi,

Could you please let us know how we can disable firewall support in connman.
There are some problems I am facing when I am running firewall. So want to
test by disabling it.

Thanks in advance.

Vidhya
___
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman


Re: Disable Firewall support in connman

2015-06-18 Thread Patrik Flykt
On Thu, 2015-06-18 at 15:24 +0530, Vidhya Govindan wrote:
> Hi,
> 
> Could you please let us know how we can disable firewall support in connman.

There are no iptables features in use in ConnMan unless you use Session
support which I'm fairly sure you're not using.

> There are some problems I am facing when I am running firewall. So want to
> test by disabling it.

What are you doing, exactly?

Cheers,

Patrik



Re: Disable Firewall support in connman

2015-06-18 Thread Tomasz Bursztyka

Hi,

> Could you please let us know how we can disable firewall support in connman.


There is no firewall in ConnMan. ConnMan might use iptables to set up
NATing (when tethering) and some other accounting stuff. But besides that,
it does not use iptables for firewalling.


What is the issue you are facing?

Tomasz


Re: Disable Firewall support in connman

2015-06-18 Thread Vidhya Govindan
Hi

Thanks for your responses.

Please find below the logs which are coming when I run connmand:

connmand[4691]: src/ipconfig.c:__connman_ipconfig_init()
connmand[4691]: src/rtnl.c:__connman_rtnl_init()
connmand[4691]: src/task.c:__connman_task_init()
connmand[4691]: src/proxy.c:__connman_proxy_init()
connmand[4691]: src/detect.c:__connman_detect_init()
connmand[4691]: src/rtnl.c:connman_rtnl_register() rtnl 0xa2448 name detect
connmand[4691]: src/session.c:__connman_session_init()
connmand[4691]: src/notifier.c:connman_notifier_register() notifier 0xa2510 name session
connmand[4691]: src/firewall.c:__connman_firewall_enable() mangle INPUT -j CONNMARK --restore-mark
connmand[4691]: src/firewall.c:insert_managed_rule() table mangle add managed chain for INPUT
connmand[4691]: src/iptables.c:__connman_iptables_new_chain() -t mangle -N connman-INPUT
connmand[4691]: src/iptables.c:iptables_init() mangle
connmand[4691]: src/iptables.c:iptables_add_chain() table mangle chain connman-INPUT
connmand[4691]: src/iptables.c:__connman_iptables_insert() -t mangle -I INPUT -j connman-INPUT
(null) v(null): Couldn't load target `standard':No such file or directory

---
On debugging we found that in function __connman_iptables_insert() the -I
option is expecting a target name which is already added to the chain.
iptables_add_chain() is adding the target name connman-INPUT to the chain,
but in __connman_iptables_insert, instead of connman-INPUT, -I INPUT is
given. Therefore it results in the error that it could not load the target,
which is not in the chain.

On debugging further we found that it is called in firewall.c,
static int insert_managed_chain(const char *table_name, int id)
{
    char *rule, *managed_chain;
    int err;

    managed_chain = g_strdup_printf("%s%s", CHAIN_PREFIX,
                                    builtin_chains[id]);

    DBG("T%s C %s", table_name, managed_chain);
    err = __connman_iptables_new_chain(table_name, managed_chain);
    if (err < 0)
        goto out;

    rule = g_strdup_printf("-j %s", managed_chain);
    DBG("T%s C %s R %s ID %d", table_name, builtin_chains[id],
        rule, id);
    //err = __connman_iptables_insert(table_name, builtin_chains[id], rule);
    /*  err = __connman_iptables_insert(table_name, managed_chain, rule);
    g_free(rule);
    if (err < 0) {
        __connman_iptables_delete_chain(table_name, managed_chain);
        goto out;
    */


By commenting the lines shown above, we are able to run connmand without
any problems.
As this seems to be a dirty hack, we want to do it in a clean manner.

Can you please suggest which way we can use?

Thanks,
Vidhya


On Thu, Jun 18, 2015 at 3:24 PM, Vidhya Govindan wrote:

> Hi,
>
> Could you please let us know how we can disable firewall support in
> connman.
> There are some problems I am facing when I am running firewall. So want to
> test by disabling it.
>
> Thanks in advance.
>
> Vidhya
>
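
One way to read the debug output posted above, added here as an example that is not part of the thread or of ConnMan's code: it rebuilds the iptables operations connmand logged and ties the xtables load error to the operation logged just before it. The line format is inferred from the posted log; `Op` and `iptables_ops` are hypothetical names.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: debug lines from the post above, mail-wrapped lines rejoined.
SAMPLE_LOG = """\
connmand[4691]: src/firewall.c:__connman_firewall_enable() mangle INPUT -j CONNMARK --restore-mark
connmand[4691]: src/firewall.c:insert_managed_rule() table mangle add managed chain for INPUT
connmand[4691]: src/iptables.c:__connman_iptables_new_chain() -t mangle -N connman-INPUT
connmand[4691]: src/iptables.c:iptables_init() mangle
connmand[4691]: src/iptables.c:iptables_add_chain() table mangle chain connman-INPUT
connmand[4691]: src/iptables.c:__connman_iptables_insert() -t mangle -I INPUT -j connman-INPUT
(null) v(null): Couldn't load target `standard':No such file or directory
"""

# "connmand[pid]: src/file.c:function() message" (format assumed from the post)
DEBUG_RE = re.compile(r"^connmand\[\d+\]: (src/[\w.-]+):(\w+)\(\)\s*(.*)$")
# Messages that are an iptables argument string: "-t <table> -<OP> <chain> [rule]"
CMD_RE = re.compile(r"^-t (\S+) -([A-Z]) (\S+)(?: (.+))?$")
# xtables extension-load failure, logged without a connmand prefix
XT_ERR_RE = re.compile(r"Couldn't load (target|match) `([^']+)':\s*(.+)$")

class Op(NamedTuple):
    func: str            # connman function that logged the operation
    table: str
    action: str          # iptables option letter: N = new chain, I = insert rule
    chain: str
    rule: Optional[str]  # rule specification, None for chain creation

def iptables_ops(log: str):
    """Return (ops, failures); a failure pairs an xtables error with the op logged before it."""
    ops, failures = [], []
    for line in log.splitlines():
        dbg = DEBUG_RE.match(line)
        cmd = CMD_RE.match(dbg.group(3)) if dbg else None
        if cmd:
            ops.append(Op(dbg.group(2), *cmd.groups()))
            continue
        err = XT_ERR_RE.search(line)
        if err:
            kind, name, reason = err.groups()
            failures.append((ops[-1] if ops else None, f"{kind} {name}: {reason}"))
    return ops, failures

if __name__ == "__main__":
    ops, failures = iptables_ops(SAMPLE_LOG)
    for op in ops:
        print(f"iptables -t {op.table} -{op.action} {op.chain} {op.rule or ''}".rstrip())
    for op, err in failures:
        print(f"failed after {op.func if op else '?'}: {err}")
```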


Re: Disable Firewall support in connman

2015-06-18 Thread Patrik Flykt

Hi,

On Thu, 2015-06-18 at 17:12 +0530, Vidhya Govindan wrote:
> static int insert_managed_chain(const char *table_name, int id)
> {
>     char *rule, *managed_chain;
>     int err;
>
>     managed_chain = g_strdup_printf("%s%s", CHAIN_PREFIX,
>                                     builtin_chains[id]);
>
>     DBG("T%s C %s", table_name, managed_chain);
>     err = __connman_iptables_new_chain(table_name, managed_chain);
>     if (err < 0)
>         goto out;
>
>     rule = g_strdup_printf("-j %s", managed_chain);
>     DBG("T%s C %s R %s ID %d", table_name, builtin_chains[id],
>         rule, id);
>     //err = __connman_iptables_insert(table_name, builtin_chains[id], rule);
>     /*  err = __connman_iptables_insert(table_name, managed_chain, rule);
>     g_free(rule);
>     if (err < 0) {
>         __connman_iptables_delete_chain(table_name, managed_chain);
>         goto out;
>     */
> 
> 
> By commenting the lines shown above, we are able to run connmand without
> any problems.
> As this seems to be a dirty hack, we want to do it in a clean manner.
> 
> Can you please suggest which way we can use?

From where does this function get called if it manages to prevent
ConnMan from running? BTW, does ConnMan close down or what happens?

Cheers,

Patrik



Re: Disable Firewall support in connman

2015-06-18 Thread Vidhya Govindan
> By commenting the lines shown above, we are able to run connmand without
> any problems.
> As this seems to be a dirty hack, we want to do it in a clean manner.
>
> Can you please suggest which way we can use?
>
> Thanks,
> Vidhya
>
>
> On Thu, Jun 18, 2015 at 3:24 PM, Vidhya Govindan wrote:
>
>> Hi,
>>
>> Could you please let us know how we can disable firewall support in
>> connman.
>> There are some problems I am facing when I am running firewall. So want
>> to test by disabling it.
>>
>> Thanks in advance.
>>
>> Vidhya
>>
>
>


Re: Disable Firewall support in connman

2015-06-21 Thread Patrik Flykt
On Thu, 2015-06-18 at 22:52 +0530, Vidhya Govindan wrote:
> By commenting the lines (which I mentioned in previous posts), we are
> able to make connmand work without any such error messages.

I don't care about "error" messages. Did ConnMan start running after
printing that message or not?

Cheers,

Patrik


