Firewall gets deactivated.....

[3tigerlillies 5]

Hi,

Im using Eddie GUI Linux version 2.20.0 on a Linux Mint Cinnamon 20.2 system.

My system boots up, passwords entered, I start Eddie and everything is OK.

But, as soon as I try activating the Network Lock "Killswitch"? my firewall goes down or gets turned off.

When I check its status before activating the Network Lock the firewall is on. But as soon as I activate the network lock, all is greyed out and off.

This new behaviour is strange, can there be a reason for it?

So now I have to manually activate my GUFW firewall each time I activate the Network Lock, which is something I never had to do in the past.

Am I lacking in understanding? Can anyone give me an explanation please?

Your suggestions would be appreciated.

Thanks.

[3tigerlillies 5]

I have just checked my other machine which is running the same system as above and started Eddie in plain Connect to Server mode. The Firewall is on. But when disconnected from server and activated network lock, the firewall is off, requiring a manual start.

Is there a configuration to activate my firewall to start on Eddie, Activate Network Lock, that I am somehow missing or unaware of?

I thought the Network Lock was an added layer of security, but when it knocks your firewall out, surely, this is not the case. 😕

[OpenSourcerer 1359]

Keep in mind that ufw is a frontend for iptables. Eddie's behavior is saving the current rules on engage, then writing its own rules. Upon disconnection, this is reversed. Thus, ufw is not compatible with Eddie's NetLock. Trust NetLock or write your own rules:

[3tigerlillies 5]

OpenSourcerer

Thanks for your reply and the links. The comments sort of clear up a couple of my main concerns.

So, Eddie is using my rules alongside its own, not through my own firewall, but through a/its pre-compiled database. Even though my firewall is off, there is still an instance of firewalling going on within Eddie, that is what I would conclude. So its still active but in another form.

So, if I am to trust these rules in Network Lock, I need not worry (otherwise bake my own cake).

Time for that at a later date should I decide to distrust any.

Its a good job that someone knows their way around the forum.

Cheers.

[OpenSourcerer 1359]

2 minutes ago, 3tigerlillies said:

So, Eddie is using my rules alongside its own, not through my own firewall, but through a/its pre-compiled database.

Neither fully wrong nor fully correct. Eddie overrides all your iptables rules and uses its own exclusively. Before doing that the current ruleset is saved. This is reversed upon disengaging NetLock. There's no "alongside".
 

5 minutes ago, 3tigerlillies said:

Even though my firewall is off, there is still an instance of firewalling going on within Eddie, that is what I would conclude. So its still active but in another form.

Again, not fully wrong but not fully right, either. There's no "personal" firewall, so nothing is "yours", and there is no firewalling going on inside Eddie. That task is outsourced to something that is much closer to the system core than a user space program like Eddie and is therefore much more "stable": For you on Linux this would be iptables or nft, whichever is available.
But yes, there are other rules active preventing connections which are not going to any AirVPN server.
 

16 minutes ago, 3tigerlillies said:

So, if I am to trust these rules in Network Lock, I need not worry (otherwise bake my own cake).

This on the other hand is fully correct.
 

16 minutes ago, 3tigerlillies said:

Its a good job that someone knows their way around the forum.

It'll be eight years on Aug 31. Guess I know my way around it a little.