Public bug reported:

Hi there,

The version of arno-iptables-firewall on Ubuntu 12.04 (Lucid) 2.0.0 has
a bug that manifests when using vlan-tagged interfaces with individual
interfaces allowing particular ports, for instance, the configuration:

DC_EXT_IF="eth1 eth2.3 "
DC_EXT_IF_DHCP_IP=1
# 22, 80, 443 and 161 (SNMP) should only be on the management interface(s)
DC_OPEN_TCP="eth1#22 eth1#80 eth1#443 eth1#161 eth2.3#22 eth2.3#80 eth2.3#443 eth2.3#161 "
DC_OPEN_UDP="eth1#8000 eth1#161 eth2.3#8000 eth2.3#161 "
DC_INT_IF="eth0 "
DC_NAT=1
DC_INTERNAL_NET="198.51.100.0/24"
DC_NAT_INTERNAL_NET="198.51.100.0/24"
DC_OPEN_ICMP=1
RP_FILTER=0

will produce errors on loading, as the eth2.3#22 (and the rest) will all
be mis-recognized as IP addresses instead of interfaces. This can be
fixed by patching the firewall "environment" file
(share/arno-iptables-firewall/environment) with the attached context diff.

To test the patch, source the environment file and run:

$ source environment 
$ get_ifs eth2.3#22
+
$ get_ips eth2.3#22
eth2.3
$ source new-environment 
$ get_ifs eth2.3#22
eth2.3
$ get_ips eth2.3#22
0/0

The version of arno in 12.04 is 2.0.0c vs the current 2.0.1 release, so
I expect this won't be all that useful upstream, but it would be nice to
have a fix for 12.04 servers. I've sent a message to the upstream user's
list with the patch as well, in case they wish to release a point
revision of 2.0.0.

** Affects: arno-iptables-firewall (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "Patch to the share/arno-iptables-firewall/environment file to fix the bug"
   https://bugs.launchpad.net/bugs/1277554/+attachment/3972577/+files/arno-vlan-parsing.patch

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1277554

Title:
  Incorrect parsing of ip/iface in config files

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/arno-iptables-firewall/+bug/1277554/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
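
The misclassification reported above, reproduced as an added example; this is not the attached patch and not arno-iptables-firewall's own code. It assumes the fault is a "contains a dot, so it is an IP" heuristic, and the helper names (naive_kind, strict_kind, host_of, ifs_of, ips_of) are hypothetical; the "+" and "0/0" defaults mirror the get_ifs/get_ips output shown in the report.

```shell
#!/bin/sh
# Added illustration; hypothetical helpers, not arno-iptables-firewall's code.
# Entry format as used in the report's config: [host#]port, where host is
# either an interface name or an IPv4 address/CIDR.

# True only for a dotted-quad IPv4 address with an optional /prefix.
is_ipv4_spec() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# ASSUMED faulty heuristic: any dot in the host part means "IP address".
naive_kind() {
  case "$1" in
    *.*) echo ip ;;
    *)   echo if ;;
  esac
}

# Shape-based check: VLAN names such as eth2.3 remain interfaces.
strict_kind() {
  if is_ipv4_spec "$1"; then echo ip; else echo if; fi
}

# host_of ENTRY: print the part before '#', or nothing if there is no '#'.
host_of() {
  case "$1" in
    *'#'*) printf '%s\n' "${1%%#*}" ;;
    *)     printf '\n' ;;
  esac
}

# ifs_of CLASSIFIER ENTRY: interface to match, "+" (any) when none is given.
ifs_of() {
  host=$(host_of "$2")
  if [ -n "$host" ] && [ "$("$1" "$host")" = if ]; then
    printf '%s\n' "$host"
  else
    printf '+\n'
  fi
}

# ips_of CLASSIFIER ENTRY: source address to match, "0/0" when none is given.
ips_of() {
  host=$(host_of "$2")
  if [ -n "$host" ] && [ "$("$1" "$host")" = ip ]; then
    printf '%s\n' "$host"
  else
    printf '0/0\n'
  fi
}
```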
