Re: [Shorewall-users] using events to allow ident only from recent irc connections
On 6/19/2018 7:14 PM, Brian J. Murrell wrote:
> On Tue, 2018-06-19 at 09:39 -0700, Tom Eastep wrote:
>>
>> It is in 5.2.0
>
> Hrm. I had to patch /usr/share/shorewall/action.IfEvent by hand with
> 5.2.0.
>
>> Does your distro install the common Shorewall files in
>> a directory other than /usr/share/shorewall/?
>
> I don't believe so, no:
>
> $ rpm -qf /usr/share/shorewall/action.IfEvent
> shorewall-5.2.0-0.01.fc28.noarch
>
>> Does 'shorewall show
>> actions' list IfEvent?
>
> $ sudo shorewall show actions | grep IfEvent
> IfEvent noinline # Perform an action based
> on an event
>
> Here's what's in the tarball I downloaded:
>
> $ md5sum shorewall-5.2.0.tar.bz2
> 64197788451a266d542f0af17fa9da12 shorewall-5.2.0.tar.bz2
> $ tar xOjvf shorewall-5.2.0.tar.bz2 shorewall-5.2.0/Actions/action.IfEvent |
> sed -ne '135,141p'
> #
> # if the event is armed, remove it and perform the action
> #
> perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent
> --remove --name $event" );
> } elsif ( $command & $UPDATE_CMD ) {
> perl_action_helper( $action, "-m recent --update ${duration}--hitcount
> $hitcount --name $event $srcdst" );
> } else {
>
> Which looks to me like the unpatched version, or am I mistaken?
>
> I'd do some git archaeology to see when this patch went in but it seems
> SF's git-web interface is pretty immature in that respect. Github's
> "Blame" functionality would tell the story.
>

Looks like the change is in tag '5.2.0.1' in the code repo.

-Matt

--
Matt Darfeuille

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] using events to allow ident only from recent irc connections
On Tue, 2018-06-19 at 09:39 -0700, Tom Eastep wrote:
>
> It is in 5.2.0

Hrm. I had to patch /usr/share/shorewall/action.IfEvent by hand with
5.2.0.

> Does your distro install the common Shorewall files in
> a directory other than /usr/share/shorewall/?

I don't believe so, no:

$ rpm -qf /usr/share/shorewall/action.IfEvent
shorewall-5.2.0-0.01.fc28.noarch

> Does 'shorewall show
> actions' list IfEvent?

$ sudo shorewall show actions | grep IfEvent
IfEvent noinline # Perform an action based on an event

Here's what's in the tarball I downloaded:

$ md5sum shorewall-5.2.0.tar.bz2
64197788451a266d542f0af17fa9da12 shorewall-5.2.0.tar.bz2
$ tar xOjvf shorewall-5.2.0.tar.bz2 shorewall-5.2.0/Actions/action.IfEvent | sed -ne '135,141p'
#
# if the event is armed, remove it and perform the action
#
perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent --remove --name $event" );
} elsif ( $command & $UPDATE_CMD ) {
perl_action_helper( $action, "-m recent --update ${duration}--hitcount $hitcount --name $event $srcdst" );
} else {

Which looks to me like the unpatched version, or am I mistaken?

I'd do some git archaeology to see when this patch went in but it seems
SF's git-web interface is pretty immature in that respect. Github's
"Blame" functionality would tell the story.

Speaking of git, you have 3 merge requests open on Shorewall, FWIW. Some
have been there quite a while.

Cheers,
b.
Re: [Shorewall-users] using events to allow ident only from recent irc connections
On 06/19/2018 08:41 AM, Brian J. Murrell wrote:
> On Fri, 2018-04-13 at 09:08 -0700, Tom Eastep wrote:
>>
>> In the process, I discovered a bug in the 'reset' logic of IfEvent()
>> when 'dst' is specified; that bug is corrected by the attached patch:
>>
>> patch /usr/share/shorewall/action.IfEvent < IfEvent.patch
>
> I see this is missing from 5.2.0. Is it queued for a subsequent
> release?
>

It is in 5.2.0 - Does your distro install the common Shorewall files in
a directory other than /usr/share/shorewall/? Does 'shorewall show
actions' list IfEvent?

-Tom
--
Tom Eastep            \ Q: What do you get when you cross a mobster with
Shoreline,             \   an international standard?
Washington, USA         \ A: Someone who makes you an offer you can't
http://shorewall.org     \   understand
                          \___
Re: [Shorewall-users] using events to allow ident only from recent irc connections
On Fri, 2018-04-13 at 09:08 -0700, Tom Eastep wrote:
>
> In the process, I discovered a bug in the 'reset' logic of IfEvent()
> when 'dst' is specified; that bug is corrected by the attached patch:
>
> patch /usr/share/shorewall/action.IfEvent < IfEvent.patch

I see this is missing from 5.2.0. Is it queued for a subsequent
release?

Cheers,
b.
Re: [Shorewall-users] using events to allow ident only from recent irc connections
On 04/15/2018 08:38 AM, Brian J. Murrell wrote:
> On Fri, 2018-04-13 at 09:08 -0700, Tom Eastep wrote:
>>
>> I've tested the following:
>>
>> #
>> #
>> # IRC
>> #
>> SetEvent(IRC) { SOURCE=loc,apps, DEST=net, PROTO=tcp, DPORT=6667 }
>> IfEvent(IRC,ACCEPT,10,1,dst,reset) { SOURCE=net, DEST=loc,apps, PROTO=tcp, DPORT=113 }
>
> What is the significance of "apps" in these two rules? Is it just
> another zone name in your configuration?
>

Yes -- it is just another zone name.

-Tom
--
Tom Eastep            \ Q: What do you get when you cross a mobster with
Shoreline,             \   an international standard?
Washington, USA         \ A: Someone who makes you an offer you can't
http://shorewall.org     \   understand
                          \___
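The packet-level behaviour of the two rules quoted above, and of the `reset` fix that the thread's patch concerns, can be followed with a small model of the xt_recent bookkeeping that SetEvent/IfEvent compile to. This is an added example, not Shorewall code: it assumes SetEvent's default of keying the event on the source address of the outbound IRC SYN (the client), that `IfEvent(...,dst,...)` looks the same client address up as the destination of the inbound ident SYN, and that an `-m recent --remove` without an explicit selector uses xt_recent's documented default of `--rsource`. Names such as `RecentList`, `firewall`, `fixed` and `buggy` and the traffic sample are constructed for the example.

```python
"""Model of the recent-list bookkeeping behind these Shorewall rules:

    SetEvent(IRC) { SOURCE=loc,apps, DEST=net, PROTO=tcp, DPORT=6667 }
    IfEvent(IRC,ACCEPT,10,1,dst,reset) { SOURCE=net, DEST=loc,apps, PROTO=tcp, DPORT=113 }

Added example, not part of Shorewall. SetEvent records the client address
(source of the outbound IRC SYN); IfEvent with 'dst' checks the client
address (destination of the inbound ident SYN), accepts if the entry is at
most 10 s old, and with 'reset' removes the entry. The selector passed to
remove() is what the thread's patch fixes: keyed on the wrong address, the
removal finds no entry and the ident window stays open for the full 10 s.
"""
from dataclasses import dataclass

RSOURCE, RDEST = "rsource", "rdest"   # models xt_recent --rsource / --rdest


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    t: float          # seconds since the capture started


class RecentList:
    """One named xt_recent list: keyed address -> last-seen timestamp."""

    def __init__(self):
        self.entries = {}

    @staticmethod
    def key(pkt, selector):
        return pkt.src if selector == RSOURCE else pkt.dst

    def set(self, pkt, selector):          # --set
        self.entries[self.key(pkt, selector)] = pkt.t

    def rcheck(self, pkt, selector, seconds):   # --rcheck --seconds N (hitcount 1)
        seen = self.entries.get(self.key(pkt, selector))
        return seen is not None and pkt.t - seen <= seconds

    def remove(self, pkt, selector):       # --remove
        self.entries.pop(self.key(pkt, selector), None)


def firewall(packets, reset_selector, duration=10):
    """Apply the two rules to a packet sequence.

    Returns (time, verdict) for every inbound ident SYN; 'policy' means the
    packet was not accepted by IfEvent and falls through to the net->loc policy.
    Dispatching on dport stands in for the loc->net and net->loc rule chains.
    """
    irc = RecentList()
    verdicts = []
    for p in packets:
        if p.dport == 6667:                  # SetEvent(IRC): key on client (source)
            irc.set(p, RSOURCE)
        elif p.dport == 113:                 # IfEvent(IRC,ACCEPT,10,1,dst,reset)
            if irc.rcheck(p, RDEST, duration):
                irc.remove(p, reset_selector)   # 'reset': disarm the event
                verdicts.append((p.t, "ACCEPT"))
            else:
                verdicts.append((p.t, "policy"))
    return verdicts


# Constructed traffic (documentation addresses): the client opens IRC at t=0,
# the IRC server probes ident at t=1, an unrelated host tries ident at t=3,
# the server tries again at t=5 and once more after the window at t=12.
CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.7", "203.0.113.9"
TRAFFIC = [
    Packet(CLIENT, SERVER, 6667, 0.0),
    Packet(SERVER, CLIENT, 113, 1.0),
    Packet(OTHER, CLIENT, 113, 3.0),
    Packet(SERVER, CLIENT, 113, 5.0),
    Packet(SERVER, CLIENT, 113, 12.0),
]


def fixed():
    """Reset keyed like the check (--rdest): one ident connection per IRC connection."""
    return firewall(TRAFFIC, reset_selector=RDEST)


def buggy():
    """Reset keyed on the default --rsource: nothing is removed, window stays open."""
    return firewall(TRAFFIC, reset_selector=RSOURCE)


if __name__ == "__main__":
    print("fixed:", fixed())
    print("buggy:", buggy())
```

Two things the run makes visible: with the reset keyed correctly, only the first ident SYN after the IRC connect is accepted and the window closes at once; with the reset keyed on the wrong address, every ident SYN within the 10 s window is accepted. In both variants the event is tied to the client's address rather than the server's, so the `OTHER` host at t=3 is admitted in the buggy variant, which is why a short window and a working `reset` matter here.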
Re: [Shorewall-users] using events to allow ident only from recent irc connections
On 04/15/2018 08:46 AM, Brian J. Murrell wrote:
> Damn. I knew I shouldn't have hit send so quickly...
>
> On Fri, 2018-04-13 at 09:08 -0700, Tom Eastep wrote:
>> diff --git a/Shorewall/Actions/action.IfEvent
>> b/Shorewall/Actions/action.IfEvent
>> index 5f245ed22..64cbb8e25 100644
>> --- a/Shorewall/Actions/action.IfEvent
>> +++ b/Shorewall/Actions/action.IfEvent
>> @@ -135,7 +135,7 @@ if ( $command & $RESET_CMD ) {
>> #
>> # if the event is armed, remove it and perform the action
>> #
>> -perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent
>> --remove --name $event" );
>> +perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent
>> --remove --name $event $srcdest" );
>
> $srcdest here or $srcdst?
>
>> } elsif ( $command & $UPDATE_CMD ) {
>> perl_action_helper( $action, "-m recent --update ${duration}--hitcount
>> $hitcount --name $event $srcdst" );
>> } else {
>

Should be $srcdst.

-Tom
--
Tom Eastep            \ Q: What do you get when you cross a mobster with
Shoreline,             \   an international standard?
Washington, USA         \ A: Someone who makes you an offer you can't
http://shorewall.org     \   understand
                          \___
Re: [Shorewall-users] using events to allow ident only from recent irc connections
Damn. I knew I shouldn't have hit send so quickly...

On Fri, 2018-04-13 at 09:08 -0700, Tom Eastep wrote:
> diff --git a/Shorewall/Actions/action.IfEvent
> b/Shorewall/Actions/action.IfEvent
> index 5f245ed22..64cbb8e25 100644
> --- a/Shorewall/Actions/action.IfEvent
> +++ b/Shorewall/Actions/action.IfEvent
> @@ -135,7 +135,7 @@ if ( $command & $RESET_CMD ) {
> #
> # if the event is armed, remove it and perform the action
> #
> -perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent
> --remove --name $event" );
> +perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent
> --remove --name $event $srcdest" );

$srcdest here or $srcdst?

> } elsif ( $command & $UPDATE_CMD ) {
> perl_action_helper( $action, "-m recent --update ${duration}--hitcount
> $hitcount --name $event $srcdst" );
> } else {

Cheers,
b.
Re: [Shorewall-users] using events to allow ident only from recent irc connections
On Fri, 2018-04-13 at 09:08 -0700, Tom Eastep wrote:
>
> I've tested the following:
>
> #
> #
> # IRC
> #
> SetEvent(IRC) { SOURCE=loc,apps, DEST=net, PROTO=tcp, DPORT=6667 }
> IfEvent(IRC,ACCEPT,10,1,dst,reset) { SOURCE=net, DEST=loc,apps, PROTO=tcp, DPORT=113 }

What is the significance of "apps" in these two rules? Is it just
another zone name in your configuration?

Cheers,
b.
Re: [Shorewall-users] using events to allow ident only from recent irc connections
On 04/13/2018 06:24 AM, Brian J. Murrell wrote:
> I'm having trouble wrapping my mind around what the Events
> configuration looks like for the use-case of an IRC server wanting to
> reach the ident server of an IRC client on connect.
>
> I.e. If IRC client C makes a connection to IRC server S on port 6667,
> then IRC server S is allowed to connect from any port to IRC client C
> on port 113 for the next 10 seconds.
>
> Any hints?

I've tested the following:

#
#
# IRC
#
SetEvent(IRC) { SOURCE=loc,apps, DEST=net, PROTO=tcp, DPORT=6667 }
IfEvent(IRC,ACCEPT,10,1,dst,reset) { SOURCE=net, DEST=loc,apps, PROTO=tcp, DPORT=113 }

In the process, I discovered a bug in the 'reset' logic of IfEvent()
when 'dst' is specified; that bug is corrected by the attached patch:

patch /usr/share/shorewall/action.IfEvent < IfEvent.patch

-Tom
--
Tom Eastep            \ Q: What do you get when you cross a mobster with
Shoreline,             \   an international standard?
Washington, USA         \ A: Someone who makes you an offer you can't
http://shorewall.org     \   understand
                          \___

diff --git a/Shorewall/Actions/action.IfEvent b/Shorewall/Actions/action.IfEvent
index 5f245ed22..64cbb8e25 100644
--- a/Shorewall/Actions/action.IfEvent
+++ b/Shorewall/Actions/action.IfEvent
@@ -135,7 +135,7 @@ if ( $command & $RESET_CMD ) { # # if the event is armed, remove it and perform the action # -perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent --remove --name $event" ); +perl_action_helper( $action , "-m mark --mark $mark/$mark -m recent --remove --name $event $srcdest" ); } elsif ( $command & $UPDATE_CMD ) { perl_action_helper( $action, "-m recent --update ${duration}--hitcount $hitcount --name $event $srcdst" ); } else {
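Review bot: the added `+perl_action_helper(...)` line appends `$srcdest`, but the `--update` branch in the same hunk's trailing context uses `$srcdst`, so the two branches no longer pass the same selector variable to `-m recent`. Unless this action file is compiled under `use strict`, the unknown `$srcdest` interpolates as an empty string and the new `--remove` rule is identical to the one being removed, leaving the `dst` reset case unfixed with no error to show for it. Suggest `--remove --name $event $srcdst` so the reset rule carries the same `--rsource`/`--rdest` scoping as the update rule below it.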