[ { "id": "d039a859.955df", "type": "tab", "label": "Emergency work-around v4.5 & older", "disabled": false, "info": "" }, { "id": "2e05282e.0db478", "type": "inject", "z": "d039a859.955df", "name": "", "repeat": "", "crontab": "", "once": false, "onceDelay": 0.1, "topic": "", "payload": "", "payloadType": "date", "x": 75, "y": 4340, "wires": [ [ "754a1af6.5ac81c" ] ], "l": false }, { "id": "754a1af6.5ac81c", "type": "delay", "z": "d039a859.955df", "name": "", "pauseType": "rate", "timeout": "5", "timeoutUnits": "seconds", "rate": "1", "nbRateUnits": "1", "rateUnits": "hour", "randomFirst": "1", "randomLast": "5", "randomUnits": "seconds", "drop": true, "x": 200, "y": 4340, "wires": [ [ "82b81e55.786e5" ] ] }, { "id": "5c6d6ccb.602354", "type": "comment", "z": "d039a859.955df", "name": "Only run this flow once", "info": "", "x": 160, "y": 4300, "wires": [] }, { "id": "82b81e55.786e5", "type": "exec", "z": "d039a859.955df", "command": "rm", "addpay": false, "append": "-f /opt/realknx/logs/realknx.stdout", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 90, "y": 4455, "wires": [ [ "59e301c0.955958" ], [ "44f57dc6.33b5bc" ], [ "bd64e4e7.8c71e", "b24b4f2.72a1db" ] ], "l": false }, { "id": "bd64e4e7.8c71e", "type": "exec", "z": "d039a859.955df", "command": "iptables", "addpay": false, "append": "-A OUTPUT -p icmp --icmp-type echo-request -j DROP", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 195, "y": 4455, "wires": [ [ "f1b141c5.12195" ], [ "6abcd2a9.d06f34" ], [ "7d3987c2.e32b9", "e28b9851.c94af8" ] ], "l": false }, { "id": "8d8890f0.07f618", "type": "exec", "z": "d039a859.955df", "command": "reboot", "addpay": false, "append": "", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 605, "y": 4455, "wires": [ [ "bc81b8ae.06b6a" ], [ "5dda256c.883404" ], [ "9036143.b6ad568" ] ], "l": false }, { "id": "59e301c0.955958", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 150, "y": 4525, "wires": [], "l": false }, { "id": "44f57dc6.33b5bc", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 150, "y": 4565, "wires": [], "l": false }, { "id": "b24b4f2.72a1db", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 150, "y": 4605, "wires": [], "l": false }, { "id": "f1b141c5.12195", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 245, "y": 4525, "wires": [], "l": false }, { "id": "6abcd2a9.d06f34", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 245, "y": 4565, "wires": [], "l": false }, { "id": "7d3987c2.e32b9", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 245, "y": 4605, "wires": [], "l": false }, { "id": "bc81b8ae.06b6a", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 675, "y": 4520, "wires": [], "l": false }, { "id": "5dda256c.883404", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 675, "y": 4560, "wires": [], "l": false }, { "id": "9036143.b6ad568", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 675, "y": 4600, "wires": [], "l": false }, { "id": "e28b9851.c94af8", "type": "exec", "z": "d039a859.955df", "command": "echo", "addpay": false, "append": " iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 305, "y": 4455, "wires": [ [ "78d54291.50facc" ], [ "80291e19.4c13d" ], [ "c1822b71.638498", "64d03f58.84e148" ] ], "l": false }, { "id": "78d54291.50facc", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 355, "y": 4525, "wires": [], "l": false }, { "id": "80291e19.4c13d", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 355, "y": 4565, "wires": [], "l": false }, { "id": "c1822b71.638498", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 355, "y": 4605, "wires": [], "l": false }, { "id": "3685af6b.44095", "type": "exec", "z": "d039a859.955df", "command": "apt-get", "addpay": false, "append": "install -y iptables-persistent", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 485, "y": 4455, "wires": [ [ "dbd4e77f.6f67a" ], [ "3bbbb4ff.4161bc" ], [ "20a99c5a.1d8fac", "8d8890f0.07f618" ] ], "l": false }, { "id": "dbd4e77f.6f67a", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 565, "y": 4515, "wires": [], "l": false }, { "id": "3bbbb4ff.4161bc", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 565, "y": 4555, "wires": [], "l": false }, { "id": "20a99c5a.1d8fac", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 565, "y": 4595, "wires": [], "l": false }, { "id": "64d03f58.84e148", "type": "exec", "z": "d039a859.955df", "command": "echo", "addpay": false, "append": "iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 395, "y": 4455, "wires": [ [ "50ab89eb.537e3" ], [ "9e190766.68ebf" ], [ "58e48db9.b64eb4", "3685af6b.44095" ] ], "l": false }, { "id": "50ab89eb.537e3", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 445, "y": 4525, "wires": [], "l": false }, { "id": "9e190766.68ebf", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 445, "y": 4565, "wires": [], "l": false }, { "id": "58e48db9.b64eb4", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 445, "y": 4605, "wires": [], "l": false }, { "id": "75029e18.a9cbd8", "type": "comment", "z": "d039a859.955df", "name": "Documentation ", "info": "v.2021-22-14 Added restore flow\nv.2021-22-12 Added\n\nThis flow will disable outgoing ping. This will prevent realKNX from the access of public IP service, which fails and prevents the system from starting.\nThis should solve the issue on all systems, but if you have realKNX 4.6 it is preferred to update the system.\nThis flow has been tested \n* Aragon WL\n\n**When/if the system has been updated to realKNX v4.6.60+**\nyou can remove the fix with the 2nd lower flow", "x": 390, "y": 4300, "wires": [] }, { "id": "76aa2b25.3f847c", "type": "comment", "z": "d039a859.955df", "name": "Note: the system will Reboot here", "info": "", "x": 670, "y": 4410, "wires": [] }, { "id": "f82016ee.b8f5e8", "type": "inject", "z": "d039a859.955df", "name": "", "repeat": "", "crontab": "", "once": false, "onceDelay": 0.1, "topic": "", "payload": "", "payloadType": "date", "x": 75, "y": 4715, "wires": [ [ "db65fce6.a9add" ] ], "l": false }, { "id": "db65fce6.a9add", "type": "delay", "z": "d039a859.955df", "name": "", "pauseType": "rate", "timeout": "5", "timeoutUnits": "seconds", "rate": "1", "nbRateUnits": "1", "rateUnits": "hour", "randomFirst": "1", "randomLast": "5", "randomUnits": "seconds", "drop": true, "x": 200, "y": 4715, "wires": [ [ "5c2d057a.e05bcc" ] ] }, { "id": "5c2d057a.e05bcc", "type": "exec", "z": "d039a859.955df", "command": "iptables", "addpay": false, "append": "-D OUTPUT -p icmp --icmp-type echo-request -j DROP", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 195, "y": 4830, "wires": [ [ "f69f2be9.9cd0e" ], [ "e12e5272.0edc8" ], [ "fd5bac2c.14b578", "fb3c0bc6.2b00e" ] ], "l": false }, { "id": "1604edff.c82b22", "type": "exec", "z": "d039a859.955df", "command": "reboot", "addpay": false, "append": "", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 605, "y": 4830, "wires": [ [ "e41508ca.a496a8" ], [ "a7fe4a4.c253338" ], [ "b269365f.7f2dc" ] ], "l": false }, { "id": "f69f2be9.9cd0e", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 245, "y": 4900, "wires": [], "l": false }, { "id": "e12e5272.0edc8", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 245, "y": 4940, "wires": [], "l": false }, { "id": "fd5bac2c.14b578", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 245, "y": 4980, "wires": [], "l": false }, { "id": "e41508ca.a496a8", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 675, "y": 4895, "wires": [], "l": false }, { "id": "a7fe4a4.c253338", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 675, "y": 4935, "wires": [], "l": false }, { "id": "b269365f.7f2dc", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 675, "y": 4975, "wires": [], "l": false }, { "id": "fb3c0bc6.2b00e", "type": "exec", "z": "d039a859.955df", "command": "apt-get", "addpay": false, "append": "purge -y iptables-persistent", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 485, "y": 4830, "wires": [ [ "2e9d0efb.4d701a" ], [ "55cb8db2.1fe3b4" ], [ "a5921b09.6c3e3", "1604edff.c82b22" ] ], "l": false }, { "id": "2e9d0efb.4d701a", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 565, "y": 4890, "wires": [], "l": false }, { "id": "55cb8db2.1fe3b4", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 565, "y": 4930, "wires": [], "l": false }, { "id": "a5921b09.6c3e3", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 565, "y": 4970, "wires": [], "l": false }, { "id": "8a84df44.a31d4", "type": "comment", "z": "d039a859.955df", "name": "Note: the system will Reboot here", "info": "", "x": 670, "y": 4785, "wires": [] }, { "id": "636d09b2.be9d68", "type": "comment", "z": "d039a859.955df", "name": "↓ TO RESTORE/REMOVE THE FIX ↓ Only run this flow once ", "info": "", "x": 285, "y": 4675, "wires": [] }, { "id": "7442f40c.f61ecc", "type": "inject", "z": "d039a859.955df", "name": "", "repeat": "", "crontab": "", "once": false, "onceDelay": 0.1, "topic": "", "payload": "", "payloadType": "date", "x": 95, "y": 80, "wires": [ [ "4c939c2f.068e44" ] ], "l": false }, { "id": "4c939c2f.068e44", "type": "delay", "z": "d039a859.955df", "name": "", "pauseType": "rate", "timeout": "5", "timeoutUnits": "seconds", "rate": "1", "nbRateUnits": "1", "rateUnits": "hour", "randomFirst": "1", "randomLast": "5", "randomUnits": "seconds", "drop": true, "x": 220, "y": 80, "wires": [ [ "89d84d61.a9281" ] ] }, { "id": "d0e86f3e.699b18", "type": "comment", "z": "d039a859.955df", "name": "Only run this flow once", "info": "", "x": 180, "y": 40, "wires": [] }, { "id": "89d84d61.a9281", "type": "exec", "z": "d039a859.955df", "command": "rm", "addpay": false, "append": "-f /opt/realknx/logs/realknx.stdout", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 110, "y": 195, "wires": [ [ "558f0f20.b1688", "6018cf64.f30eb8", "6136e3ee.70bcdc" ], [ "5bb058ea.bf288" ], [ "7468bbdf.e336f4" ] ], "l": false }, { "id": "558f0f20.b1688", "type": "debug", "z": "d039a859.955df", "name": "", "active": false, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 170, "y": 265, "wires": [], "l": false }, { "id": "5bb058ea.bf288", "type": "debug", "z": "d039a859.955df", "name": "", "active": false, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 170, "y": 305, "wires": [], "l": false }, { "id": "7468bbdf.e336f4", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 170, "y": 345, "wires": [], "l": false }, { "id": "8ec7ac28.6ee2", "type": "comment", "z": "d039a859.955df", "name": "Documentation v.2021-11-19 (Version 4)", "info": "v.2021-11-19 (Version 4):\nAdded \"sudo sysctl -p\" to the end of realknx-start\nv.2021-11-19 (Version 3):\nBlock all ipv6 by adding the following lines to end of /etc/sysctl.conf\n - net.ipv6.conf.all.disable_ipv6 = 1\n - net.ipv6.conf.default.disable_ipv6 = 1\n - net.ipv6.conf.lo.disable_ipv6 = 1\nThe reason to block ipv6 is the ping to google.com can pass via ipv6\n\nv.2021-11-16 (Version 2):\n - Version 1 is at the bottom of the flow\n - Version 2: add the prevention code directly to the start-realknx bash script. \n The prevention code does:\n 1) Search for \"Drop icmp\" line in iptables file\n 2) Add the \"Drop icmp\" line if it is not in the iptables file\n 3) Test a ping to google.com and save the result in log file (for debug)\n \nv.2021-22-14 Added restore flow\nv.2021-22-12 Added\n\nThis flow will disable outgoing ping. This will prevent realKNX from the access of public IP service, which fails and prevents the system from starting.\nThis should solve the issue on all systems, but if you have realKNX 4.6 it is preferred to update the system.\nThis flow has been tested \n* Aragon WL\n\n**When/if the system has been updated to realKNX v4.6.60+**\nyou can remove the fix with the 2nd lower flow", "x": 500, "y": 40, "wires": [] }, { "id": "9ded8d4.6ff5ef", "type": "exec", "z": "d039a859.955df", "command": "reboot", "addpay": false, "append": "", "useSpawn": "false", "timer": "", "oldrc": false, "name": "", "x": 495, "y": 240, "wires": [ [ "8d429696.176868" ], [ "f8b7601a.f1cbc8" ], [ "fdf17f53.269a3" ] ], "l": false }, { "id": "8d429696.176868", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 575, "y": 240, "wires": [], "l": false }, { "id": "f8b7601a.f1cbc8", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 575, "y": 280, "wires": [], "l": false }, { "id": "fdf17f53.269a3", "type": "debug", "z": "d039a859.955df", "name": "", "active": true, "tosidebar": true, "console": false, "tostatus": false, "complete": "payload", "targetType": "msg", "x": 575, "y": 320, "wires": [], "l": false }, { "id": "cf3f8c48.50e0d8", "type": "comment", "z": "d039a859.955df", "name": "Note: the system will Reboot here", "info": "", "x": 580, "y": 180, "wires": [] }, { "id": "c2257ab.bc8d608", "type": "split", "z": "d039a859.955df", "name": "", "splt": "\\n", "spltType": "str", "arraySplt": 1, "arraySpltType": "len", "stream": false, "addname": "", "x": 315, "y": 180, "wires": [ [ "7fb4aae7.68f464" ] ], "l": false }, { "id": "6018cf64.f30eb8", "type": "template", "z": "d039a859.955df", "name": "Prevention code", "field": "payload", "fieldType": "msg", "format": "text", "syntax": "plain", "template": "\n# Check if \"DROP icmp\" line exists in iptables\n# if not it will be added to prevent outgoing ping\nmatch=$(sudo iptables -L | egrep \"(DROP.*icmp)\")\n\nif [ -z \"$match\" ]\nthen\n\techo \"There is no DROP icmp, adding it...\" >> logs/realknx.stdout\n\tsudo iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP\n\tsleep 1\nelse\n\techo \"There is a DROP icmp\" >> logs/realknx.stdout\nfi\n\nsudo sysctl -p\nsudo ping -c1 google.com >> logs/realknx.stdout || true", "output": "str", "x": 255, "y": 180, "wires": [ [ "c2257ab.bc8d608" ] ], "l": false }, { "id": "7fb4aae7.68f464", "type": "file", "z": "d039a859.955df", "name": "Add code to start-realknx.sh", "filename": "/opt/realknx/start-realknx.sh", "appendNewline": true, "createDir": false, "overwriteFile": "false", "encoding": "none", "x": 375, "y": 180, "wires": [ [] ], "l": false }, { "id": "6136e3ee.70bcdc", "type": "template", "z": "d039a859.955df", "name": "Prevention code block ipv6", "field": "payload", "fieldType": "msg", "format": "text", "syntax": "plain", "template": "\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\nnet.ipv6.conf.lo.disable_ipv6 = 1\n", "output": "str", "x": 255, "y": 240, "wires": [ [ "e9fc3601.7a3b08" ] ], "l": false }, { "id": "7f069ba1.97474c", "type": "file", "z": "d039a859.955df", "name": "Add code to /etc/sysctl.conf", "filename": "/etc/sysctl.conf", "appendNewline": true, "createDir": false, "overwriteFile": "false", "encoding": "none", "x": 375, "y": 240, "wires": [ [ "18e704f0.6b5e5b" ] ], "l": false }, { "id": "18e704f0.6b5e5b", "type": "delay", "z": "d039a859.955df", "name": "", "pauseType": "delay", "timeout": "5", "timeoutUnits": "seconds", "rate": "1", "nbRateUnits": "1", "rateUnits": "second", "randomFirst": "1", "randomLast": "5", "randomUnits": "seconds", "drop": false, "x": 435, "y": 240, "wires": [ [ "9ded8d4.6ff5ef" ] ], "l": false }, { "id": "e9fc3601.7a3b08", "type": "split", "z": "d039a859.955df", "name": "", "splt": "\\n", "spltType": "str", "arraySplt": 1, "arraySpltType": "len", "stream": false, "addname": "", "x": 315, "y": 240, "wires": [ [ "7f069ba1.97474c" ] ], "l": false } ]