FWBuddy: manage your iptables firewall

[mow9902]

FWB-UserManual.png (195.28 KiB) Viewed 789 times

"An Application to assist non technical users to manage their iptables Firewall."

The operation of the puppy firewall is described to the best of my knowledge. I do not claim expert, or complete knowledge of this functionality, and I apologise in advance for any errors or misleading statements.

This Application does not provide any firewall functionality in addition to that which is already provided by the inbuilt tools. If you are fully comfortable understanding and inputting terminal commands to manage your iptables, then you will not find any use for this application.

Although the default puppy ruleset provides most of my required firewall functionality for most of the time, there are occasions when I want to make either a permanent or temporary change while I am working with a particular app or on a particular project.

On these occasions I find that I need to review and try to “relearn” how iptables work, and the process and format required to input valid commands. This is time consuming and frustrating.

FWBuddy was created to meet this need. It provides the following functionality:
• Check the current status of the firewall
• Stop the firewall OFF temporarily (can also be done with inbuilt firewall GUI)
• Restart the firewall (can also be done with inbuilt firewall GUI)
• show live statistics of data packets being filtered by the current iptables ruleset
• List in readable format the current iptables ruleset being applied
• Delete a rule from the filter table
• Add/Insert a new rule to the filter table – and also
• Include a comment to indicate the purpose of the rule
• Save the current ruleset to a location of your choice
• Load a custom ruleset to temporarily (or permanently replace the current ruleset)
• Specify a custom ruleset to be loaded whenever the system is started
• Allow for the input of a custom command

Fully portable - download and extract to your directory of choice.
Download from here: https://www.mediafire.com/file/yc19a82b ... ar.gz/file

Last Update:
09 Jan 2023 : v1.01 - Added lines to show last ruleset loaded
16 Dec 2022 : v1.00 - original version

[mow9902]

Uploaded minor version change - see original post for download link.
v1.01 - Added lines to show last ruleset loaded

[Jasper]

@mow9902

Thanks for sharing this application

I can view and edit my rules.

I do have a question to ask which is regarding the "Livestats" option.

Am I receiving an error message as I am using xtables ?

[mikewalsh]

@mow9902 :-

Neat idea. Perhaps you could show a screenie of the GUI in closeup, so everyone can see what it looks like?

Thanks.

Mike.

[mow9902]

@mow9902

Thanks for sharing this application

I can view and edit my rules.

I do have a question to ask which is regarding the "Livestats" option.

Am I receiving an error message as I am using xtables ?

@Jasper
To be perfectly honest, I'm not sure. I believe that xtables is 'sort of' a universal 'front end type' program which allows you to manage nftables, iptables, arptables as well as some others. I have no personal experience with it.

However, I do know that puppy includes a binary named "xtables-legacy-multi' in /usr/sbin
In my FWBuddy, the 'livestats' script is named "FWB-Livestats.sh"

That script simply contains a basic iptables command to list the current contents ie iptables -L -n -v --line-numbers
You can also amend that command slightly and add xtables-legacy-multi to the front of that command ie
xtables-legacy-multi iptables -L -n -v --line-numbers which will produce the same result. If this works for you, then you can just make that small change to the script on your system.

[mow9902]

@mikewalsh
I could do that - but all of the screenshots are shown (and explained) in the user manual - so I have just attached that instead. Hope this will suffice.

[mikewalsh]

@mikewalsh
I could do that - but all of the screenshots are shown (and explained) in the user manual - so I have just attached that instead. Hope this will suffice.

@mow9902 :-

Absolutely fine, old son. Blimey, you've done a bang-on job with this; I don't think I've ever seen such extensive documentation from a community member in my life. Makes my own 'Help' documentation look a bit half-assed, like some kind of afterthought...

That's excellent. Well done!

Mike.

[mow9902]

you're too kind. Hope you find some use.

[Jasper]

@mow9902

Thanks for your reply and also the inclusion of the manaul

I updated the existing build of iptables with my OS and know it is active.

My iptables working files are located elsewhere

"xtables-legacy-multi' in the old location does not change and looks like the function has been taken over by new working directory.

If you look at the gif you can see it is changing every second under the Last Modified column (second image)

[mow9902]

I'm not sure I can assist because like I said, I have no experience with xtables.

However, could you execute this command in a terminal session and show me the output. Thanks

(a) navigate to /usr/bin, open a terminal session at this location and input iptables -L -n -v --line-numbers
(b) navigate to /usr/sbin, open a terminal session at this location and input
1. ./iptables -L -n -v --line-numbers (note that the command in preceded by ./
2. xtables-legacy-multi iptables -L -n -v --line-numbers

Capture the output of each command please.

[Jasper]

@mow9902

Thanks for getting back to me and here is the information that you requested:

A.

Code: Select all

root# cd /usr/bin
root# iptables -L -n -v --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
2        0     0 bad_packets  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 DROP       0    --  *      *       0.0.0.0/0            224.0.0.1           
4        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
5        0     0 tcp_inbound  6    --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 udp_inbound  17   --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 icmp_packets  1    --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            PKTTYPE = broadcast

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       1    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2        0     0 ACCEPT     0    --  *      *       127.0.0.1            0.0.0.0/0           
3        0     0 ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain bad_packets (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2        0     0 bad_tcp_packets  6    --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain bad_tcp_packets (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW
2        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
4        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x29
5        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x37
6        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
7        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
8        0     0 RETURN     6    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain icmp_packets (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       1    -f  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 DROP       1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
3        0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
4        0     0 RETURN     1    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcp_inbound (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RETURN     6    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcp_outbound (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain udp_inbound (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
2        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
3        0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
4        0     0 RETURN     17   --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain udp_outbound (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0   

B1.

Code: Select all

root# cd /usr/sbin
root# ./iptables -L -n -v --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       36  1800 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
2     9082   18M bad_packets  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 DROP       0    --  *      *       0.0.0.0/0            224.0.0.1           
4     9082   18M ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
5        0     0 tcp_inbound  6    --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 udp_inbound  17   --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 icmp_packets  1    --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            PKTTYPE = broadcast

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       1    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2       36  1800 ACCEPT     0    --  *      *       127.0.0.1            0.0.0.0/0           
3        0     0 ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0           
4     7089  528K ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain bad_packets (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2     9038   18M bad_tcp_packets  6    --  *      *       0.0.0.0/0            0.0.0.0/0           
3     9082   18M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain bad_tcp_packets (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW
2        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
4        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x29
5        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x37
6        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
7        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
8     9038   18M RETURN     6    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain icmp_packets (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       1    -f  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 DROP       1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
3        0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
4        0     0 RETURN     1    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcp_inbound (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RETURN     6    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcp_outbound (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain udp_inbound (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
2        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
3        0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
4        0     0 RETURN     17   --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain udp_outbound (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0           
root# 

B2.

Code: Select all

root# cd /usr/sbin
root# xtables-legacy-multi iptables -L -n -v --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       36  1800 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
2     9327   19M bad_packets  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 DROP       0    --  *      *       0.0.0.0/0            224.0.0.1           
4     9327   19M ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
5        0     0 tcp_inbound  6    --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 udp_inbound  17   --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 icmp_packets  1    --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            PKTTYPE = broadcast

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       1    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2       36  1800 ACCEPT     0    --  *      *       127.0.0.1            0.0.0.0/0           
3        0     0 ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0           
4     7259  568K ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain bad_packets (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2     9281   19M bad_tcp_packets  6    --  *      *       0.0.0.0/0            0.0.0.0/0           
3     9327   19M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain bad_tcp_packets (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW
2        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
4        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x29
5        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x37
6        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
7        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
8     9281   19M RETURN     6    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain icmp_packets (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       1    -f  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 DROP       1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
3        0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
4        0     0 RETURN     1    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcp_inbound (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RETURN     6    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcp_outbound (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain udp_inbound (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
2        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
3        0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
4        0     0 RETURN     17   --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain udp_outbound (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0           
root# 

[mow9902]

@Jasper

ok - well, the good news is that all seems to work perfectly - so there cannot be too much wrong, and I don't think xtables is the problem. 2 more actions for you.
Navigate to the directory where you have FWBBuddy installed.
Open a terminal session

(a) type ./FWB-CallLivestats.sh (show me the output)
(b) type ./FWB-Livestats.sh (show me the output)

[Jasper]

@mow9902

Thanks again for replying back.

Attached are screenshots for your items.

The first is request B
The second is request A

[mow9902]

@Jasper

Thanks Jasper - Still trying to analyse this. It seems that all is working as expected except for FWB-CallLivestats.sh ...which simply opens a new terminal session using urxvt and executes the FWB-Livestats.sh script which we have already proven works when executed by itself.

So, at this point I have to look at the terminal program itself. My script is expecting that:
- you have a 64bit system and
- you have the urxvt program in /usr/bin
(a) Please confirm this is the case for your system.

(b) In addition, my urxvt version is v9.22 so we should check that as well. You can do this by opening a terminal session and typing urxvt -help and the version will be shown on the first line of the output.

(c) open a terminal session and type (and send me the output)
urxvt -bg black -fg yellow -icon "/root/my-applications/FWBuddy/ICONS/FWB.png" -geometry 140x40 -e "/root/my-applications/FWBuddy/FWB-Livestats.sh"

[Jasper]

@mow9902

I do appreciate you investigating this for me.

I am using Fossapup64-9.5 (x64).

I also agree that it is working except for one script.

All the information requested is in the screenshot

[mow9902]

ok - this is quite frustrating, and I want to find the answer.

Looks like we will have to do it the hard way and find out which particular line in the script is causing the problem.

In the FWB-Livestats.sh can you comment out lines 12 to 19 (inclusive) and also 23 to 36 (inclusive), so that the only active line left is 21

Then execute the script in a terminal session again.
If this works ok - then uncomment lines 28 to 36 and run again.
if that works ok - then uncomment all lines and then comment lines 12 and 18 and run again.

[Jasper]

@mow9902

Followed out the instructions but it failed on the onset.

I did go through all of them regardless as shown in my screenshots.

Yes, I was online when running the scripts.

[mow9902]

ok - seems like we have a problem with the iptables command on line 21.

Comment out all lines except line 21
change line 21 to iptables -L
run again and show me the output

Also, in a terminal, type "which iptables" and show the output

[Jasper]

@mow9902

Here is the information requested.

I added the second screenshot as it informs me that the firewall is active and I can view the rules.

[Jasper]

If I run the command directly in terminal it does give me details

[mow9902]

change the line to /usr/bin/iptables -L -n -v and try again.

[Jasper]

@mow9902

Is this correct?

I do feel incredibly guilty for your 1:1 support and I do not know if this is an OS issue.

I just checked your initial post and it did not specify if it was OS specific.

I am using this build of Iptables

viewtopic.php?p=83822#p83822

Click through thumbnail to demonstrate that the tables are changing constantly.

[mow9902]

Jasper - I really don't know what exactly is causing this problem - I'm starting to suspect some difference in your iptables; but honestly I'm not sure.

However - we might be able to work around this issue with this small change.

In the script FWBuddy.sh line 215 change the current line:
From: <action>exec "'$PROGRAMDIR'/FWB-CallLivestats.sh"</action>
To: <action>urxvt -bg black -fg yellow -icon "$ICONS_FWB" -geometry 140x40 -e "$PROGRAMDIR"/FWB-Livestats.sh</action>

Then try executing from the GUI as normal.

This will make the script FWB-CallLivestats.sh redundant and no longer needed.
If this does not work either, then I'm out of ideas; it is just too difficult to troubleshoot in more detail without actually being able to see the details of what is happening in your system.

[Jasper]

@mow9902

I implemented the change you suggested and restarted the application.

Same result.

No worries, thank you so much for helping me over and over again

[mow9902]

One last try ...

change the line to xtables-legacy-multi iptables -L -n -v --line-numbers and try again.

Also - I'm curious. What OS are you using?

We should also see if the problem is caused by the terminal emulator you are using. You will see that I have used urxvt which is present on just about all systems.
But - if you have something else available - rxvt or perhaps lxterminal or whatever, then you should try using that - but obviously you will have to change the command to suit the options available eg if you wanted to use

• rxvt - the command would be: rxvt -bg black -fg yellow -icon "$ICONS_FWB" -geometry 140x40 -e "$PROGRAMDIR"/FWB-Livestats.sh

• lxterminal - the command would be: lxterminal --geometry=140x40 -e "$PROGRAMDIR"/FWB-Livestats.sh

[Jasper]

@mow9902

Using Fossapup64-95 and Urxvt as my terminal console.

Can you tell me which script I need to change the instructions to?

change the line to xtables-legacy-multi iptables -L -n -v --line-numbers and try again.

I don't want to second guess, thank you

[mow9902]

In the script FWB-Livestats.sh - change the line
from: iptables -L -n -v --line-numbers
to: xtables-legacy-multi iptables -L -n -v --line-numbers

AND
In the script FWBuddy.sh - try with
(a) <action>urxvt -bg black -fg yellow -icon "$ICONS_FWB" -geometry 140x40 -e "$PROGRAMDIR"/FWB-Livestats.sh</action>
(b) <action>rxvt -bg black -fg yellow -icon "$ICONS_FWB" -geometry 140x40 -e "$PROGRAMDIR"/FWB-Livestats.sh</action>

[Jasper]

lol, I think I am going mad .... I am sure that I posted earlier with 2 screenshots attached and a link to another thread in this forum re: rc.firewall script error , which is a few threads earlier in this subsection.

Anyway, have my first coffee of the day in front of me now

This is the link (again) to the thread:

viewtopic.php?t=7402

[mow9902]

Sorry Jasper - I will have to give up on this one. I have exhausted all ideas I can think of remotely. I have the same system as you and the same versions of the apps, and I cannot reproduce the error.
I'm sure it is something quite trivial, but without direct access to the system I could be guessing forever. If you have access to another puppy version I would try the app there and see what happens.
Other than that - all I can say is good luck.

[Jasper]

@mow9902

Thank you so much for helping and providing suggestions.

I did consider recompiling iptables with nftables instead of xtables.

I think the time may be to migrate onto a newer build of Puppy.