Project

General

Profile

Anomalie #1782

bastion ne redémarra pas : erreur container dns not already exists

Added by Fabrice Barconnière almost 10 years ago. Updated almost 10 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Category:
-
Start date:
05/17/2011
Due date:
% Done:

100%

Spent time:
Distribution:

Description

fichier /usr/share/eole/firewall/00_fichier.fw contient la ligne:
allow_dest(interface='eth0', container="dns", protocol='udp', port='53')

Associated revisions

Revision f0f31049 (diff)
Added by exarkun over 14 years ago

Merge fake-requests-1782-1783

Author: exarkun
Reviewer: jml
Fixes #1782
Fixes #1783

Give FakeRequests a default status code of OK.
Accept all of FakeRequest.__init__'s arguments in the init of
AccumulatingFakeRequest.

Revision dcd4a541 (diff)
Added by tsmr over 11 years ago

Can modify request_type on tracking with massive modification see #1782

Revision 231d6706 (diff)
Added by Joël Cuissinat almost 10 years ago

00_fichier.fw et 00_mail.fw : prise en compte du cas où il n'y a pas de conteneur dns (fixes #1782)

History

#1 Updated by Joël Cuissinat almost 10 years ago

Proposition :
  • soit il y a un conteneur DNS et on en autorise l'accès
  • soit on autorise l'accès vers tous les DNS du resolv.conf
    %if %%is_defined('adresse_ip_conteneur_dns')
    allow_dest(interface='eth0', container="dns", protocol='udp', port='53')
    %elif %%adresse_ip_dns != ['']
    %for %%variable_iter in %%adresse_ip_dns
    allow_dest(interface='eth0', ip="%%variable_iter", protocol='udp', port='53')
    %end for
    %end if
    

#2 Updated by Joël Cuissinat almost 10 years ago

  • Status changed from Nouveau to Résolu
  • % Done changed from 0 to 100

#3 Updated by Joël Cuissinat almost 10 years ago

  • Assigned To changed from Emmanuel GARETTE to Joël Cuissinat
Modification réalisée pour :
  • 00_fichier.fw (conf-scribe)
  • 00_mail.fw (conf-scribe)
  • 00_proxy.fw (conf-amon)

#4 Updated by Joël Cuissinat almost 10 years ago

  • Status changed from Résolu to Fermé

OK sur Scribe-2.3 (eole-fichier 2.3-eole305~11) :

root@scribeng:~# cat /usr/share/eole/firewall/00_fichier.fw
allow_dest(interface='eth0', container='annuaire', port='389')
# accès au conteneur DNS ou aux DNS distants
allow_dest(interface='eth0', ip="192.168.232.2", protocol='udp', port='53')
# accès à creole_serv
allow_dest(interface='eth0', container='root', port='4333')
allow_dest(ip='192.168.230.204', port='8443')

Also available in: Atom PDF