FW reload via LuCI makes sentinel traps unreachable

After a FW change via LuCI, e.g. enabling/disabling some FW rule or adding a new one, a FW reload is needed. It can be applied using the standard Save & Apply button.

The subsequent firewall reload causes sentinel traps like HaaS Proxy and minipots to be unreachable from WAN, resulting in "Connection refused".

This can be fixed locally by running one of the following commands:

  • sentinel-reload
  • fw3 reload
  • /etc/init.d/firewall restart
  • service firewall restart

Originally reported in: https://gitlab.nic.cz/turris/project/-/issues/116#note_204548

More research in: turris/reforis/reforis#316 (comment 205002)

Edited by Martin Prudek