[Firehol-support] 2.02 and src with multiple IPs - syntax change?

Tsaousis, Costa costa at tsaousis.gr
Thu Mar 19 15:37:49 GMT 2015


@phil,

Phil, this seems to be a regression in 2.02.

I confirm it does not work as expected in 2.02.
Also, explain mode is broken in this version.

3.x is ok.

Could you please check it?

Costa


On Thu, Mar 19, 2015 at 5:22 PM, Whit Blauvelt <whit at transpect.com> wrote:
> Hi,
>
> Syntax that used to work doesn't now:
>
> server ssh accept src 1.2.3.4,5.6.7.8,192.168.1.0/24
>
> results in:
>
> ERROR   : # 1.
> WHAT    : A runtime command failed to execute (returned error 2).
> SOURCE  : line 16 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A in_world_ssh_s2 -p tcp -s 1.2.3.4\,5.6.7.8\,192.168.1.0/24\ --sport 1024:65535 --dport 22 -m conntrack --ctstate NEW\,ESTABLISHED -j ACCEPT
> OUTPUT  :
>
> iptables v1.4.4: host/network `1.2.3.4,5.6.7.8,192.168.1.0/24' not found
> Try `iptables -h' or 'iptables --help' for more information.
>
> Removing the commas gives:
>
> ERROR #: 1
> WHAT   : Rules for ssh server, with server port(s) 'tcp/22' and client port(s) 'default'
> WHY    : Cannot understand directive '5.6.7.8'.
> COMMAND: server ssh accept src 1.2.3.4 5.6.7.8 192.168.1.0/24
> MODE   : both
> SOURCE : line 16 of /etc/firehol/firehol.conf
>
> Don't know if the second ever worked, but the first surely did. Looks like
> inappropriate escaping.
>
> Best,
>
> Whit


