Posts by gabrielwhite

    Quote

    Uncomplicated Firewall (ufw) is a frontend that ships with Debian and Ubuntu, and it lets you manage firewall rules. Docker and ufw use iptables in ways that make them incompatible with each other.


    When you publish a container’s ports using Docker, traffic to and from that container gets diverted before it goes through the ufw firewall settings. Docker routes container traffic in the nat table, which means that packets are diverted before they reach the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.

    Packet filtering and firewalls


    Seems this is a Docker limitation that OMV can't get around (at least insofar as only the INPUT and OUTPUT chains can be manipulated through the WebUI).

    I've been trying to set up the firewall inside OMV, and I've been mostly successful at restricting access as I want.


    BUT I can't seem to restrict access to Docker containers running on the server using the rules in the OMV6 user interface.


    My iptables are below, and my guess is that Docker's rules are taking precedence over OMV's rules. Specifically, I wanted to restrict access to ports 3000 and 3001, and even if I drop all the traffic in the OMV UI, the port remains open.


    The rules below should block all traffic to ports 3000/3001, according to the first block (which is what I'd configured in OMV), but then later you can see that docker allows those ports.


    Have I hit a limitation of the OMV webui, or am I missing something here? Or is there a way I can configure the docker containers differently?
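
An added example, not part of the original posts and not code from OMV or Docker: a small Python check over `iptables-save` output that flags ports blocked in the INPUT chain but published by a DNAT rule in the nat table, which is the situation the two posts above describe. The rule dump is constructed for illustration and the function names are hypothetical.

```python
import re

# Constructed iptables-save output (not the poster's actual rules): INPUT drops
# tcp/3000 and tcp/3001, while Docker's nat-table DOCKER chain publishes 3000.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 172.17.0.2:3000
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.3:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 3000 -j DROP
-A INPUT -p tcp -m tcp --dport 3001 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Yield (table, chain, proto, dport, target) for each -A rule with a single --dport."""
    table = None
    for line in dump.splitlines():
        if line.startswith("*"):          # table header, e.g. "*nat"
            table = line[1:].strip()
        elif line.startswith("-A "):      # appended rule; second token is the chain
            chain = line.split()[1]
            dport = re.search(r"--dport (\d+)", line)
            proto = re.search(r"-p (\w+)", line)
            target = re.search(r"-j (\S+)", line)
            if dport and proto and target:
                yield table, chain, proto.group(1), int(dport.group(1)), target.group(1)

def bypassed_input_rules(dump):
    """Return sorted (proto, port) pairs that INPUT blocks but a nat DNAT rule publishes."""
    rules = list(parse_rules(dump))
    published = {(p, d) for t, c, p, d, j in rules if t == "nat" and j == "DNAT"}
    blocked = {(p, d) for t, c, p, d, j in rules
               if t == "filter" and c == "INPUT" and j in ("DROP", "REJECT")}
    # DNAT happens in PREROUTING, so these packets take FORWARD and never reach INPUT.
    return sorted(published & blocked)

if __name__ == "__main__":
    for proto, port in bypassed_input_rules(SAMPLE):
        print(f"{proto}/{port}: INPUT block is bypassed; DNAT sends it via FORWARD")
```

Rules meant to restrict published container ports have to sit on the forwarded path; Docker provides the DOCKER-USER chain in the filter table for user rules of that kind.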


    I had to do this to get it working:

    • Disable NFS (and apply changes)
    • Reboot
    • Select supported versions
    • Enable NFS
    • Apply changes

    If I tried to modify the NFS versions without disabling / rebooting, I continued to get errors.

    If that's correct, then you shouldn't be able to select the items in the list.


    If you select them, it says at the bottom of the list "X of Y items selected", which gives the impression the button will act only on the selected items (per normal UX standards).


    I'd suggest disabling the ability to select items in the list. As I said, this bricked my OS, which wasn't ideal.


    Gabe

    When I go to System -> Update Management -> Updates it shows me a list of packages that can be upgraded.


    The items in the list can be selected / highlighted.


    I selected the 3 (of 4) packages I wanted to upgrade, and clicked the upgrade button (the down arrow with a line below). All 4 of the packages were upgraded, one of which was a firmware that bricked my installation (which is why I didn't want to install it in the first place).


    Suggestions:

    - Do not allow users to select items in the list of packages if that selection has no effect

    - OR, upgrade only the items the user has selected


    Thanks


    Gabe

    I get the following pixelation happening when I log in. I have changed the settings on macOS to use magnified pointers FWIW.


    I suspect there's a graceful way to handle this with different pointer sizes (though I'm not sure why use a custom progress pointer?)...


    Since I updated to 6.0-34 (Shaitan) I've been getting the following error:


    Code
    /etc/cron.daily/openmediavault-cron-apt:
    cat: write error: No space left on device
    cat: write error: No space left on device
    cat: write error: No space left on device
    cat: write error: No space left on device
    cat: write error: No space left on device
    cat: write error: No space left on device


    When I check the drive status I can see there is no space issue (/dev/mmcblk0p1 is my OS / boot drive):


    Code
    df -H
    Filesystem            Size  Used Avail Use% Mounted on
    udev                  1.6G     0  1.6G   0% /dev
    tmpfs                 401M   15M  386M   4% /run
    /dev/mmcblk0p1         16G  8.4G  7.0G  55% /
    tmpfs                 2.1G     0  2.1G   0% /dev/shm
    tmpfs                 5.3M  4.1k  5.3M   1% /run/lock
    /dev/md0              6.0T  2.2T  3.9T  36% /srv/dev-disk-by-uuid-42e5e537-02b1-42d3-98d3-602339b07afe
    tmpfs                 2.1G     0  2.1G   0% /tmp
    /dev/zram1             51M   50M     0 100% /var/log

    If I reboot the device and run apt upgrade I don't get any error.


    I've been using OMV6 for about 6 weeks now, through several upgrades.


    Thoughts?

    Hi,


    I'm installing OMV6 on Armbian Bullseye on an OrangePi One Plus.


    I followed these command line instructions here:


    https://openmediavault.readthe…stallation/on_debian.html


    I was able to install successfully on an Odroid HC4, but the OrangePi is generating an error on this command:


    Code
    apt-get --yes --auto-remove --show-upgraded \
    --allow-downgrades --allow-change-held-packages \
    --no-install-recommends \
    --option DPkg::Options::="--force-confdef" \
    --option DPkg::Options::="--force-confold" \
    install openmediavault-keyring openmediavault

    Results in the following error:


    Code
    The following packages have unmet dependencies:
     php-pam : Depends: phpapi-20180731 but it is not installable
    E: Unable to correct problems, you have held broken packages.

    I've looked through the forums and on Github and can't find anything to help me here.


    It seems the missing package is a Debian Buster package, but isn't available in Bullseye.


    Any suggestions?

    I want to try to move away from email notifications, and I've just realised that there's no way to set up alternative notification systems WITHOUT email notifications.


    I'd like to suggest that the notification system be re-imagined to allow the adding of a set of "profiles" which could be redirected to any service based on specific criteria (e.g. integrate something like https://github.com/caronc/apprise).


    For example:


    I want all messages to be sent to Slack on #channel1

    I want WARN messages to be sent to Signal and Email (as well as Slack on #channel1)

    I want DISK FULL messages to be sent to Slack on #channel2


    I know there's the facility for adding scripts in /usr/share/openmediavault/notification/sink.d/ but this is somewhat technical.


    Thanks!


    Gabe

    ryecoaaron Thanks for the reply.


    Why does it ask me to confirm to close the tab only on some pages?


    If I have made no configuration changes (i.e. logged in and clicked only on the left-hand navigation):

    - I get (unpredictably) a pop-up when I close the browser tab on the Dashboard

    - I always get a pop-up when I close the browser tab on the Users

    - I never get a pop-up when I close the browser tab on Disks


    Can you explain the intent a bit more?