Bug: cannot remove allowed input port from firewall

[LordMike]

Is this urgent?

No

Host OS

Ubuntu 22.04.4 LTS

CPU arch

x86_64

VPN service provider

ExpressVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-08-17T18:15:23.123Z (commit bc55c25)

What's the problem 🤔

In #2334 it was reported and fixed that removing iptables rules failed unless they were CIDR's. I then realized the fix may have broken ipv6 support, as shown in #2334 (comment)

Copied in here:

I just tried to set gluetun up with an asian VPN endpoint and I'm seeing stuff like the below. I think the endpoint is broken, so the container can't connect - that's fine, but I noticed the error below. :)

2024-08-18T11:54:32.769580445Z 2024-08-18T11:54:32Z ERROR [firewall] cannot remove outdated VPN interface rule: finding iptables chain rule line number: parsing chain list: parsing chain rule "3 0 0 ACCEPT 0 -- * eth0 ::/0 ff02::/104 ": parsing chain rule field: parsing destination IP CIDR: netip.ParsePrefix("ff02::/104/32"): ParseAddr("ff02::/104"): each colon-separated field must have at least one digit (at "/104")

I'm running a gluetun docker image with the source revision bc55c25 which is quite recent. So I found this issue.

Might the fix have missed something related to IPv6 addresses.. ff02::/104/32 seems like a mangled CIDR :)?

Share your logs (at least 10 lines)

2024-08-18T11:54:16.552618213Z 2024-08-18T11:54:16Z INFO [vpn] starting
2024-08-18T11:54:16.552833482Z 2024-08-18T11:54:16Z INFO [firewall] allowing VPN connection...
2024-08-18T11:54:16.560562617Z 2024-08-18T11:54:16Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-18T11:54:16.560858469Z 2024-08-18T11:54:16Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-18T11:54:16.563152752Z 2024-08-18T11:54:16Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]194.5.49.72:1195
2024-08-18T11:54:16.563494544Z 2024-08-18T11:54:16Z INFO [openvpn] UDPv4 link local: (not bound)
2024-08-18T11:54:16.563735643Z 2024-08-18T11:54:16Z INFO [openvpn] UDPv4 link remote: [AF_INET]194.5.49.72:1195
2024-08-18T11:54:32.672382248Z 2024-08-18T11:54:32Z INFO [healthcheck] program has been unhealthy for 16s: restarting VPN
2024-08-18T11:54:32.672686728Z 2024-08-18T11:54:32Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-18T11:54:32.672978298Z 2024-08-18T11:54:32Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-18T11:54:32.673257380Z 2024-08-18T11:54:32Z INFO [vpn] stopping
2024-08-18T11:54:32.673526608Z 2024-08-18T11:54:32Z INFO [vpn] starting
2024-08-18T11:54:32.673786978Z 2024-08-18T11:54:32Z INFO [firewall] allowing VPN connection...
2024-08-18T11:54:32.769580445Z 2024-08-18T11:54:32Z ERROR [firewall] cannot remove outdated VPN interface rule: finding iptables chain rule line number: parsing chain list: parsing chain rule "3        0     0 ACCEPT     0    --  *      eth0    ::/0                 ff02::/104          ": parsing chain rule field: parsing destination IP CIDR: netip.ParsePrefix("ff02::/104/32"): ParseAddr("ff02::/104"): each colon-separated field must have at least one digit (at "/104")
2024-08-18T11:54:32.778128293Z 2024-08-18T11:54:32Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-18T11:54:32.778457360Z 2024-08-18T11:54:32Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-18T11:54:32.780701815Z 2024-08-18T11:54:32Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]64.64.121.6:1195
2024-08-18T11:54:32.781595808Z 2024-08-18T11:54:32Z INFO [openvpn] UDPv4 link local: (not bound)
2024-08-18T11:54:32.782402554Z 2024-08-18T11:54:32Z INFO [openvpn] UDPv4 link remote: [AF_INET]64.64.121.6:1195
2024-08-18T11:54:36.132406137Z 2024-08-18T11:54:36Z INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:54:41.600795228Z 2024-08-18T11:54:41Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:54:49.524211313Z 2024-08-18T11:54:49Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:54:53.888152508Z 2024-08-18T11:54:53Z INFO [healthcheck] program has been unhealthy for 21s: restarting VPN
2024-08-18T11:54:53.888651013Z 2024-08-18T11:54:53Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-18T11:54:53.888997691Z 2024-08-18T11:54:53Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-18T11:54:53.889292900Z 2024-08-18T11:54:53Z INFO [vpn] stopping
2024-08-18T11:54:53.892470317Z 2024-08-18T11:54:53Z INFO [vpn] starting
2024-08-18T11:54:53.892778659Z 2024-08-18T11:54:53Z INFO [firewall] allowing VPN connection...
2024-08-18T11:54:53.899979025Z 2024-08-18T11:54:53Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-18T11:54:53.900268212Z 2024-08-18T11:54:53Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-18T11:54:53.902606140Z 2024-08-18T11:54:53Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]64.64.121.6:1195
2024-08-18T11:54:53.902973823Z 2024-08-18T11:54:53Z INFO [openvpn] UDPv4 link local: (not bound)
2024-08-18T11:54:53.903271649Z 2024-08-18T11:54:53Z INFO [openvpn] UDPv4 link remote: [AF_INET]64.64.121.6:1195
2024-08-18T11:54:57.251463111Z 2024-08-18T11:54:57Z INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:55:03.106005016Z 2024-08-18T11:55:03Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:55:10.880037905Z 2024-08-18T11:55:10Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:55:20.005848274Z 2024-08-18T11:55:20Z INFO [healthcheck] program has been unhealthy for 26s: restarting VPN
2024-08-18T11:55:20.006165037Z 2024-08-18T11:55:20Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-18T11:55:20.015805668Z 2024-08-18T11:55:20Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-18T11:55:20.016631684Z 2024-08-18T11:55:20Z INFO [vpn] stopping
2024-08-18T11:55:20.051784092Z 2024-08-18T11:55:20Z INFO [vpn] starting
2024-08-18T11:55:20.052110439Z 2024-08-18T11:55:20Z INFO [firewall] allowing VPN connection...
2024-08-18T11:55:20.145963512Z 2024-08-18T11:55:20Z ERROR [firewall] cannot remove outdated VPN interface rule: finding iptables chain rule line number: parsing chain list: parsing chain rule "3        0     0 ACCEPT     0    --  *      eth0    ::/0                 ff02::/104          ": parsing chain rule field: parsing destination IP CIDR: netip.ParsePrefix("ff02::/104/32"): ParseAddr("ff02::/104"): each colon-separated field must have at least one digit (at "/104")
2024-08-18T11:55:20.153713001Z 2024-08-18T11:55:20Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-18T11:55:20.153951688Z 2024-08-18T11:55:20Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-18T11:55:20.155903159Z 2024-08-18T11:55:20Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]194.5.49.72:1195
2024-08-18T11:55:20.156221143Z 2024-08-18T11:55:20Z INFO [openvpn] UDPv4 link local: (not bound)
2024-08-18T11:55:20.156541557Z 2024-08-18T11:55:20Z INFO [openvpn] UDPv4 link remote: [AF_INET]194.5.49.72:1195
2024-08-18T11:55:51.253889795Z 2024-08-18T11:55:51Z INFO [healthcheck] program has been unhealthy for 31s: restarting VPN
2024-08-18T11:55:51.254175887Z 2024-08-18T11:55:51Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-18T11:55:51.254465528Z 2024-08-18T11:55:51Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-18T11:55:51.254758101Z 2024-08-18T11:55:51Z INFO [vpn] stopping
2024-08-18T11:55:51.255144869Z 2024-08-18T11:55:51Z INFO [vpn] starting
2024-08-18T11:55:51.255457654Z 2024-08-18T11:55:51Z INFO [firewall] allowing VPN connection...
2024-08-18T11:55:51.260488074Z 2024-08-18T11:55:51Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-18T11:55:51.260734346Z 2024-08-18T11:55:51Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-18T11:55:51.262408053Z 2024-08-18T11:55:51Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]194.5.49.72:1195
2024-08-18T11:55:51.262713905Z 2024-08-18T11:55:51Z INFO [openvpn] UDPv4 link local: (not bound)
2024-08-18T11:55:51.262998385Z 2024-08-18T11:55:51Z INFO [openvpn] UDPv4 link remote: [AF_INET]194.5.49.72:1195
2024-08-18T11:56:27.355685510Z 2024-08-18T11:56:27Z INFO [healthcheck] program has been unhealthy for 36s: restarting VPN
2024-08-18T11:56:27.355998151Z 2024-08-18T11:56:27Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-18T11:56:27.356651547Z 2024-08-18T11:56:27Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-18T11:56:27.357459658Z 2024-08-18T11:56:27Z INFO [vpn] stopping
2024-08-18T11:56:27.365080851Z 2024-08-18T11:56:27Z INFO [vpn] starting
2024-08-18T11:56:27.365335657Z 2024-08-18T11:56:27Z INFO [firewall] allowing VPN connection...
2024-08-18T11:56:27.365600444Z 2024-08-18T11:56:27Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-18T11:56:27.365856835Z 2024-08-18T11:56:27Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-18T11:56:27.367155384Z 2024-08-18T11:56:27Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]194.5.49.72:1195
2024-08-18T11:56:27.393158400Z 2024-08-18T11:56:27Z INFO [openvpn] UDPv4 link local: (not bound)
2024-08-18T11:56:27.393845123Z 2024-08-18T11:56:27Z INFO [openvpn] UDPv4 link remote: [AF_INET]194.5.49.72:1195
2024-08-18T11:57:08.483371552Z 2024-08-18T11:57:08Z INFO [healthcheck] program has been unhealthy for 41s: restarting VPN
2024-08-18T11:57:08.483763827Z 2024-08-18T11:57:08Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-18T11:57:08.484055365Z 2024-08-18T11:57:08Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-18T11:57:08.484351326Z 2024-08-18T11:57:08Z INFO [vpn] stopping
2024-08-18T11:57:08.484604629Z 2024-08-18T11:57:08Z INFO [vpn] starting
2024-08-18T11:57:08.484876118Z 2024-08-18T11:57:08Z INFO [firewall] allowing VPN connection...
2024-08-18T11:57:08.541431550Z 2024-08-18T11:57:08Z ERROR [firewall] cannot remove outdated VPN interface rule: finding iptables chain rule line number: parsing chain list: parsing chain rule "3        0     0 ACCEPT     0    --  *      eth0    ::/0                 ff02::/104          ": parsing chain rule field: parsing destination IP CIDR: netip.ParsePrefix("ff02::/104/32"): ParseAddr("ff02::/104"): each colon-separated field must have at least one digit (at "/104")
2024-08-18T11:57:08.625288050Z 2024-08-18T11:57:08Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-18T11:57:08.626131515Z 2024-08-18T11:57:08Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-18T11:57:08.626988493Z 2024-08-18T11:57:08Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]64.64.121.6:1195
2024-08-18T11:57:08.627936951Z 2024-08-18T11:57:08Z INFO [openvpn] UDPv4 link local: (not bound)
2024-08-18T11:57:08.628519875Z 2024-08-18T11:57:08Z INFO [openvpn] UDPv4 link remote: [AF_INET]64.64.121.6:1195
2024-08-18T11:57:11.952435902Z 2024-08-18T11:57:11Z INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:57:19.040289372Z 2024-08-18T11:57:19Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:57:26.439409210Z 2024-08-18T11:57:26Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:57:41.555397430Z 2024-08-18T11:57:41Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:57:54.664828635Z 2024-08-18T11:57:54Z INFO [healthcheck] program has been unhealthy for 46s: restarting VPN
2024-08-18T11:57:54.665204421Z 2024-08-18T11:57:54Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-18T11:57:54.665510904Z 2024-08-18T11:57:54Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-18T11:57:54.665787923Z 2024-08-18T11:57:54Z INFO [vpn] stopping
2024-08-18T11:57:54.708616703Z 2024-08-18T11:57:54Z INFO [vpn] starting
2024-08-18T11:57:54.708899563Z 2024-08-18T11:57:54Z INFO [firewall] allowing VPN connection...
2024-08-18T11:57:54.714884274Z 2024-08-18T11:57:54Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-18T11:57:54.715148176Z 2024-08-18T11:57:54Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-18T11:57:54.717776451Z 2024-08-18T11:57:54Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]64.64.121.6:1195
2024-08-18T11:57:54.717995959Z 2024-08-18T11:57:54Z INFO [openvpn] UDPv4 link local: (not bound)
2024-08-18T11:57:54.718613781Z 2024-08-18T11:57:54Z INFO [openvpn] UDPv4 link remote: [AF_INET]64.64.121.6:1195
2024-08-18T11:57:55.143268967Z 2024-08-18T11:57:55Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:57:59.657062259Z 2024-08-18T11:57:59Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-08-18T11:58:04.167443088Z 2024-08-18T11:58:04Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)

### Share your configuration

```yml
N/A - can provide if needed

[github-actions]

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

• do not ask for updates, be patient
• 👍 the issue to show your support instead of commenting
  @qdm12 usually checks issues at least once a week, if this is a new urgent bug,
  revert to an older tagged container image

[qdm12]

Thanks for reporting the issue with so much details and help, 10/10 would fix again 💯 😄 !

Fixed in 946f055 - the code was expecting CIDR ranges suffixes to end with 1 to 2 digits, not 3 (/104) because silly me forgot IPv6 exists... Thanks again!

[github-actions]

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

[qdm12]

This isn't fixed, my bad, it's fixed for sure in 3f13093 😉

[LordMike]

Hooray! Thanks :)

Also thanks for gluetun. It sure makes docker vpns easy. :)