Hi,

I think I ran into a bug when using the Events feature. If I define the
following action:

action.Never
---
?format 2
SetEvent(NEVER)    -    -    tcp    2000
---

and I add this line to rules:

Never    net    $FW    tcp    1000

What I expect to happen is that the NEVER event is never triggered.
Because I believe this should generate the following in pseudo code:

if (dport == 1000) {
    if (dport == 2000) {
        SetEvent(NEVER)
        ACCEPT
    }
}

However, when connecting to port 1000 it is actually set! Use 'shorewall
show events' to confirm. Because the actual flow is:

if (dport == 1000) {
    SetEvent(NEVER)
    if (dport == 2000) {
        ACCEPT
    }
}

I also figured out what the problem is. The rule that is generated is
the following:

-A Never -p tcp -m recent --set --name NEVER --mask 255.255.255.255
--rsource -m tcp --dport 2000 -j ACCEPT

which will first set the NEVER event and only then test the destination
port. The correct rule is:

-A Never -p tcp -m tcp --dport 2000 -m recent --set --name NEVER --mask
255.255.255.255 --rsource -j ACCEPT

so swapping the two matchers. Unfortunately changing this is not trivial
because it will change the behaviour of existing configurations. So maybe
an option in shorewall.conf to toggle the correct behaviour?

Shorewall version: 4.6.4.3 (as packaged by Debian Jessie in
shorewall_4.6.4.3-2)

Laurens
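An added illustration of why the matcher order matters (this is example code, not Shorewall's or iptables' own): netfilter evaluates a rule's match extensions left to right and stops at the first one that fails, while '-m recent --set' records the source address the moment it is evaluated. The model below parses the two rules quoted above and replays a constructed packet to port 1000 through each; the minimal rule parser and the sample source address are assumptions of this example.

```python
import shlex
from typing import Dict, List, Set, Tuple

Match = Tuple[str, Dict[str, str]]

def parse_rule(rule: str) -> List[Match]:
    """Return the rule's '-m <module> --opt [value] ...' clauses, in order."""
    toks = shlex.split(rule)
    matches: List[Match] = []
    module, opts = None, {}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-m":                       # start of a new match extension
            if module: matches.append((module, opts))
            module, opts, i = toks[i + 1], {}, i + 2
        elif t.startswith("--") and module: # option of the current extension
            has_value = i + 1 < len(toks) and not toks[i + 1].startswith("-")
            opts[t] = toks[i + 1] if has_value else ""
            i += 2 if has_value else 1
        else:                               # -A/-p/-j and their arguments
            i += 1
    if module: matches.append((module, opts))
    return matches

def evaluate(rule: str, src: str, dport: int, recent: Set[str]) -> bool:
    """Evaluate matches left to right like netfilter; 'recent' collects --set sources."""
    for module, opts in parse_rule(rule):
        if module == "tcp" and "--dport" in opts and int(opts["--dport"]) != dport:
            return False                    # later matches are never evaluated
        if module == "recent" and "--set" in opts:
            recent.add(src)                 # side effect happens the moment this match runs
    return True                             # all matches passed: target (ACCEPT) applies

# The two rules from the report, joined onto one line each.
GENERATED = ("-A Never -p tcp -m recent --set --name NEVER --mask 255.255.255.255 "
             "--rsource -m tcp --dport 2000 -j ACCEPT")
CORRECTED = ("-A Never -p tcp -m tcp --dport 2000 -m recent --set --name NEVER "
             "--mask 255.255.255.255 --rsource -j ACCEPT")

def event_fires(rule: str, dport: int, src: str = "192.0.2.10") -> bool:
    """Does one constructed packet from 'src' to 'dport' leave 'src' in the NEVER list?"""
    recent: Set[str] = set()
    evaluate(rule, src, dport, recent)
    return src in recent

if __name__ == "__main__":
    for name, rule in (("generated", GENERATED), ("corrected", CORRECTED)):
        print(f"{name}: dport 1000 sets NEVER -> {event_fires(rule, 1000)}")
```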
