On 4/24/2015 12:15 AM, Laurens Blankers wrote:
> Hi,
> 
> I think I ran into a bug when using the Events feature. If I define the
> following action:
> 
> action.Never
> ---
> ?format 2
> SetEvent(NEVER)    -    -    tcp    2000
> ---
> 
> and I add this line to rules:
> 
> Never    net    $FW    tcp    1000
> 
> What I expect to happen is that the NEVER event is never triggered,
> because I believe this should generate the following in pseudocode:
> 
> if (dport == 1000) {
>     if (dport == 2000) {
>         SetEvent(NEVER)
>         ACCEPT
>     }
> }
> 
> However, when connecting to port 1000 it is actually set! Use 'shorewall
> show events' to confirm. This is because the actual flow is:
> 
> if (dport == 1000) {
>     SetEvent(NEVER)
>     if (dport == 2000) {
>         ACCEPT
>     }
> }
> 
> I also figured out what the problem is. The rule that is generated is
> the following:
> 
> -A Never -p tcp -m recent --set --name NEVER --mask 255.255.255.255
> --rsource -m tcp --dport 2000 -j ACCEPT
> 
> which will first set the NEVER event and only then test the destination
> port. The correct rule is:
> 
> -A Never -p tcp -m tcp --dport 2000 -m recent --set --name NEVER --mask
> 255.255.255.255 --rsource -j ACCEPT
> 
> i.e. swapping the two matchers. Unfortunately, changing this is not trivial
> because it will change the behaviour of existing configurations. So maybe
> an option in shorewall.conf to toggle the correct behaviour?

It is okay if I only change the behavior of SetEvent and ResetEvent, I
think -- the current behavior is pretty broken.

> 
> Shorewall version: 4.6.4.3 (as packaged by Debian Jessie in
> shorewall_4.6.4.3-2)
> 

Corrected in
http://sourceforge.net/p/shorewall/code/ci/42f75f7ba22a66ed480a5297f3f1d5292627cdf0/

Regards,
-Tom
-- 
Tom Eastep
http://www.shorewall.net
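The ordering problem described in the report can be illustrated with a small model of how iptables walks the matches of a single rule. This is an added example, not Shorewall or netfilter code: it assumes (as iptables does) that matches are evaluated left to right and evaluation stops at the first one that fails, so a match with a side effect such as `-m recent --set` fires whenever it is reached, even when a later `-m tcp --dport 2000` test fails and the rule does not ACCEPT. The class and function names (`Packet`, `RecentTable`, `m_recent_set`, `firewall`) and the sample addresses are constructed for the illustration.

```python
"""Hypothetical model of iptables match evaluation order.

Not Shorewall or netfilter code.  Matches in a rule are tested left to
right and evaluation stops at the first failure, so a side-effecting match
(`-m recent --set`) placed before `-m tcp --dport 2000` records the source
for every packet that reaches the rule, whether or not the port test passes.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dport: int


class RecentTable:
    """Stand-in for the kernel's xt_recent lists (what `shorewall show events` prints)."""

    def __init__(self):
        self.lists = {}

    def set(self, name, src):
        self.lists.setdefault(name, set()).add(src)

    def members(self, name):
        return set(self.lists.get(name, set()))


def m_tcp_dport(port):
    """`-m tcp --dport PORT`: a pure test with no side effect."""
    return lambda pkt, recent: pkt.dport == port


def m_recent_set(name):
    """`-m recent --set --name NAME --rsource`: records the source and always matches."""
    def match(pkt, recent):
        recent.set(name, pkt.src)
        return True
    return match


def rule_matches(matches, pkt, recent):
    """iptables semantics: evaluate matches in order, stop at the first failure."""
    return all(m(pkt, recent) for m in matches)


# The single rule in the `Never` chain, in the two orderings from the report.
GENERATED = [m_recent_set("NEVER"), m_tcp_dport(2000)]  # what 4.6.4.3 emitted
CORRECTED = [m_tcp_dport(2000), m_recent_set("NEVER")]  # the two matchers swapped


def firewall(never_rule, packets):
    """Model of the report's ruleset.

    The `rules` entry `Never net $FW tcp 1000` sends only dport-1000 traffic
    into the `Never` action chain; inside it, the one rule either ACCEPTs or
    falls through.  Returns the accepted packets and the NEVER list contents.
    """
    recent = RecentTable()
    accepted = []
    for pkt in packets:
        if pkt.dport == 1000 and rule_matches(never_rule, pkt, recent):
            accepted.append(pkt)
    return {"accepted": accepted, "never": recent.members("NEVER")}


def demo():
    # Constructed traffic (not from the report): one connection to port 1000,
    # which enters the Never chain, and one to port 2000, which never does.
    pkts = [Packet("192.0.2.10", 1000), Packet("192.0.2.20", 2000)]
    return {
        "generated": firewall(GENERATED, pkts),
        "corrected": firewall(CORRECTED, pkts),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: accepted={[p.dport for p in result['accepted']]} "
              f"NEVER={sorted(result['never'])}")
```

With the generated ordering, the port-1000 client ends up in the NEVER list even though nothing was accepted, which is exactly what `shorewall show events` revealed in the report; with the matchers swapped, the list stays empty and the event is only ever recorded for a packet that also passes the port test.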



_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
