Application Deployment - Command to update Firewall rules is failing

Alanxrazy · 24 October 2024 07:12

System Information

Field	Value
Operating System	Linux - Ubuntu 24.04.1 on x86_64
Product	AMP ‘Phobos’ v2.6.0.0 (Mainline)
Virtualization	None
Application	Application Deployment
Module	ADSModule
Running in Container	No
Current State	Indeterminate

Task

Tell AMP to update Firewall rules for all instances.

Problem Description

Issue

Suddenly wasn’t able to connect to file manager using sftp (this is affecting all my instances, both sftp and game port). I was able to narrow it down to the firewall settings and tried to run the command “sudo ampinstmgr updatefirewall”. The command listed all the ports to add but fails to add them reported a syntax error.

X@X:~$ sudo ampinstmgr updatefirewall
[Info/1] AMP Instance Manager v2.6 built 23/10/2024 20:50
[Info/1] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
[Info/1] Release stream for instance FearNightfall01 changed from NotSpecified to Mainline
[Info/1] Using UFW firewall.
[Info/1] Adding 17 new firewall rules
[Info/1] Firewall rule to add: TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info/1] Firewall rule to add: UDP/12820 (AMP:ADS01:ADSModule.Network.MetricsServerPort)
[Info/1] Firewall rule to add: TCP/2225 (AMP:RAD201:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info/1] Firewall rule to add: TCP/2226 (AMP:Dawncraft01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info/1] Firewall rule to add: TCP/2227 (AMP:RLCraftDregora01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info/1] Firewall rule to add: TCP/2224 (AMP:test01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info/1] Firewall rule to add: TCP/2228 (AMP:FearNightfall01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info/1] Firewall rule to add: TCP/25566 (AMP:RAD201:MinecraftModule.Minecraft.PortNumber)
[Info/1] Firewall rule to add: UDP/25566 (AMP:RAD201:MinecraftModule.Minecraft.PortNumber)
[Info/1] Firewall rule to add: TCP/25567 (AMP:Dawncraft01:MinecraftModule.Minecraft.PortNumber)
[Info/1] Firewall rule to add: UDP/25567 (AMP:Dawncraft01:MinecraftModule.Minecraft.PortNumber)
[Info/1] Firewall rule to add: TCP/25565 (AMP:RLCraftDregora01:MinecraftModule.Minecraft.PortNumber)
[Info/1] Firewall rule to add: UDP/25565 (AMP:RLCraftDregora01:MinecraftModule.Minecraft.PortNumber)
[Info/1] Firewall rule to add: TCP/25568 (AMP:test01:MinecraftModule.Minecraft.PortNumber)
[Info/1] Firewall rule to add: UDP/25568 (AMP:test01:MinecraftModule.Minecraft.PortNumber)
[Info/1] Firewall rule to add: TCP/25569 (AMP:FearNightfall01:MinecraftModule.Minecraft.PortNumber)
[Info/1] Firewall rule to add: UDP/25569 (AMP:FearNightfall01:MinecraftModule.Minecraft.PortNumber)
[Info/1] No existing firewall rules to remove
ERROR: Invalid syntax

For now, I only added sftp for one instance manually to the firewall settings. I would like for the AMP software to manage the firewall settings itself, but it fails doing so. Any advice on how to fix this would be great!

Reproduction Steps

Ran command sudo ampinstmgr updatefirewall
Checked firewall rules with ampisntmgr dumpfirewall, no rules were added
Added port manually as a workaround
Ran command to repair AMP
Ran command to fix permissions

etwodev · 25 October 2024 15:34

Also having this issue on Ubuntu.

This is causing ampfirewall.service to fail.

This is the specific command that is failing for me when ampinstmgr updatefirewall is ran:

/usr/bin/python3 /usr/sbin/ufw allow from any to any port 2223 proto tcp comment "'AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber'"

Removing the single quotes from this command fixes the issue.

Alanxrazy · 28 October 2024 00:33

Hey Etwodev!
Thanks for responding to the issue I’m having. The command given worked without any issue, Thank you for that! I wasn’t aware on how to leave comments for labeling purposes.

Previously, before updating to Phobos, AMP would automically add port rules without any human intervention during the instance creation process. Is this something that has been disabled or is there setting for it within the AMP interface?

Greelan · 28 October 2024 01:57

Update ampinstmgr via your package manager, as this issue was patched

Alanxrazy · 28 October 2024 02:24

Hey Greelan!
Thanks for notifying about the update. I just updated my ampinstmgr and restarted the machine. Unfortunately, after creating a test instance, the ports were still not added to the firewall automatically…

Command used to update ampinstmgr : sudo apt upgrade ampinstmgr

Greelan · 28 October 2024 02:48

Did you update your package list first? sudo apt update

You can’t update a package until you update the list

Greelan · 28 October 2024 02:49

BTW, easiest way to do everything (tools and instances) is:

getamp update

(Run as root. Switch to root by sudo su - )

Alanxrazy · 28 October 2024 03:11

Hey!
Yeah, I’ve updated the package list and ran the command getamp update within root.

No new updates were listed after checking.

Thanks for letting me know about the easier method of updating AMP. I’ll definitely make a note of that for future reference.

Greelan · 28 October 2024 04:26

Just learned that this fix was released with the same version number, so it won’t get updated unless forced. Grrrr

Run as root:

apt --reinstall install ampinstmgr
ampinstmgr updatefirewall

Alanxrazy · 28 October 2024 04:55

Awesome, that fixed the issue! Force reinstalling ampinstmgr applied the patch and running ampinstmgr updatefirewall is functional again. Thank you so much! I really appreciate the help @Greelan and @etwodev for the workaround!

For future reference, are these patches listed within the AMP Cubecoders discord? Would that be another way to stay up-to-date with updates?

Greelan · 28 October 2024 05:10

The release notes (including patches) are on this Discourse.

But it’s not good practice for package updates to be “silent” like this, for exactly the reason you encountered.

system · 27 November 2024 05:10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.