[Firehol-support] 2.02 and src with multiple IPs - syntax change?

Whit Blauvelt whit at transpect.com
Thu Mar 19 16:38:28 CET 2015


Looks like the new requirement is that multiple IPs be enclosed in quotes
and with spaces, not commas, in between.

There are still examples in the doc of commas between IPs, and no quotes (at
least for "dst," assuming that's the same).

Whit

On Thu, Mar 19, 2015 at 11:22:53AM -0400, Whit Blauvelt wrote:
> Hi,
> 
> Syntax that used to work doesn't now:
> 
> server ssh accept src 1.2.3.4,5.6.7.8,192.168.1.0/24
> 
> results in:
> 
> ERROR   : # 1.
> WHAT    : A runtime command failed to execute (returned error 2).
> SOURCE  : line 16 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A in_world_ssh_s2 -p tcp -s 1.2.3.4\,5.6.7.8\,192.168.1.0/24\ --sport 1024:65535 --dport 22 -m conntrack --ctstate NEW\,ESTABLISHED -j ACCEPT 
> OUTPUT  : 
> 
> iptables v1.4.4: host/network `1.2.3.4,5.6.7.8,192.168.1.0/24' not found
> Try `iptables -h' or 'iptables --help' for more information.
> 
> Removing the commas gives:
> 
> ERROR #: 1
> WHAT   : Rules for ssh server, with server port(s) 'tcp/22' and client port(s) 'default'
> WHY    : Cannot understand directive '5.6.7.8'.
> COMMAND: server ssh accept src 1.2.3.4 5.6.7.8 192.168.1.0/24 
> MODE   : both
> SOURCE : line 16 of /etc/firehol/firehol.conf
> 
> Don't know if the second ever worked, but the first surely did. Looks like
> inappropriate escaping.
> 
> Best,
> 
> Whit
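The quoted, space-separated form reported above, as an added example that is not part of the original posts: a small POSIX shell lint that finds lines in a firehol.conf still written with the old comma syntax and prints the corrected line. The comma-to-quoted-space rewrite follows what the post says works in 2.02; the IPv4/CIDR check, the function names and the sample config are assumptions.

```shell
# Added example, not FireHOL's own code: find pre-2.02 comma-separated src/dst
# lists in a firehol.conf and print the quoted, space-separated form the post
# reports 2.02 accepts. Assumes one unquoted IPv4/CIDR list right after src/dst.

# "1.2.3.4,5.6.7.8,192.168.1.0/24" -> "1.2.3.4 5.6.7.8 192.168.1.0/24" (quoted).
# Returns 1 and prints nothing if any element is not an IPv4 address or CIDR.
normalize_ip_list() {
    out=""
    for ip in $(printf '%s' "$1" | tr ',' ' '); do
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
        out="${out:+$out }$ip"
    done
    printf '"%s"\n' "$out"
}

# Rewrite one config line, quoting the list that follows src/dst.
# Runs of whitespace collapse to single spaces as a side effect.
fix_firehol_line() {
    prev=""; out=""
    for word in $1; do
        case "$prev:$word" in
            src:*,*|dst:*,*) word=$(normalize_ip_list "$word") || return 1 ;;
        esac
        out="${out:+$out }$word"
        prev=$word
    done
    printf '%s\n' "$out"
}

# Print "line N: <fixed line>" for every line of a config text that still
# uses the comma syntax; a list that will not parse is flagged instead.
lint_firehol_conf() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in
            *" src "*,*|*" dst "*,*)
                fixed=$(fix_firehol_line "$line") || fixed="<unparseable address list>"
                printf 'line %d: %s\n' "$n" "$fixed" ;;
        esac
    done <<EOF
$1
EOF
}

# Constructed sample config (not the poster's file) with one pre-2.02 line.
SAMPLE_CONF='interface eth0 world
    server ssh accept src 1.2.3.4,5.6.7.8,192.168.1.0/24
    server http accept'
lint_firehol_conf "$SAMPLE_CONF"
```

Run it against a real file with `lint_firehol_conf "$(cat /etc/firehol/firehol.conf)"`; it only reports, it never edits the file.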
