[Firehol-support] 2.02 and src with multiple IPs - syntax change?
Whit Blauvelt
whit at transpect.com
Thu Mar 19 15:22:53 GMT 2015
Hi,
Syntax that used to work doesn't now:
server ssh accept src 1.2.3.4,5.6.7.8,192.168.1.0/24
results in:
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 16 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ssh_s2 -p tcp -s 1.2.3.4\,5.6.7.8\,192.168.1.0/24\ --sport 1024:65535 --dport 22 -m conntrack --ctstate NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
iptables v1.4.4: host/network `1.2.3.4,5.6.7.8,192.168.1.0/24' not found
Try `iptables -h' or 'iptables --help' for more information.
Removing the commas gives:
ERROR #: 1
WHAT : Rules for ssh server, with server port(s) 'tcp/22' and client port(s) 'default'
WHY : Cannot understand directive '5.6.7.8'.
COMMAND: server ssh accept src 1.2.3.4 5.6.7.8 192.168.1.0/24
MODE : both
SOURCE : line 16 of /etc/firehol/firehol.conf
Don't know if the second ever worked, but the first surely did. Looks like
inappropriate escaping.
Best,
Whit
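Added example (not from Whit's post and not FireHOL's own code): a POSIX sh helper that turns the comma-joined list from the report, 1.2.3.4,5.6.7.8,192.168.1.0/24, into the space-separated form that FireHOL takes inside a single quoted argument (src "1.2.3.4 5.6.7.8 192.168.1.0/24", as the FireHOL manual writes multi-host lists; that reading of the manual is my assumption, as are the function names valid_ipv4_cidr and split_hosts). Each element is checked as an IPv4 host or CIDR first, so a malformed or comma-joined value is rejected before firehol hands it to iptables and the run dies with "host/network ... not found".

```shell
#!/bin/sh
# Added example, not part of the original post or of FireHOL.
# split_hosts turns "a,b,c" into "a b c" for use as:  src "$(split_hosts 'a,b,c')"
# Both functions run in a subshell body so IFS changes stay local.

# valid_ipv4_cidr ADDR -> exit 0 if ADDR is a.b.c.d or a.b.c.d/N with 0<=N<=32
valid_ipv4_cidr() (
    set -f                                   # no globbing on the unquoted $host below
    addr=$1
    case $addr in
        */*) prefix=${addr#*/}; host=${addr%/*} ;;
        *)   prefix=32;          host=$addr ;;
    esac
    # prefix: all digits, at most two of them, value 0..32
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    # reject leading, trailing or doubled dots (field splitting would hide some of them)
    case $host in ''|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $host                             # one positional parameter per octet
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# split_hosts LIST -> prints the comma-separated LIST as one space-separated
# line; exits 1 with a message on stderr at the first invalid element.
split_hosts() (
    set -f
    out=
    IFS=,
    set -- $1                                # one positional parameter per host
    for h in "$@"; do
        if ! valid_ipv4_cidr "$h"; then
            echo "invalid host/network: $h" >&2
            return 1
        fi
        out="${out:+$out }$h"
    done
    printf '%s\n' "$out"
)

# Usage with the list from the report (constructed input, same as the poster's):
#   src "$(split_hosts '1.2.3.4,5.6.7.8,192.168.1.0/24')"
```

The comma-joined string itself fails valid_ipv4_cidr (it splits into seven dotted fields rather than four), which is the same value iptables rejected in the report; running the list through split_hosts before it reaches firehol.conf turns that runtime failure into a clear message naming the bad element.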