Project

General

Profile

Anomalie #3571

corriger les règles allow_dest eole-firewall

Added by Fabrice Barconnière over 7 years ago. Updated over 7 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Category:
-
Start date:
06/05/2012
Due date:
% Done:

100%

Spent time:
Distribution:
EOLE 2.3

Description

Il reste des règles allow_dest incohérentes dans 00_root_sphynx.fw :

allow_dest(interface='eth0', ip='0/0', protocol='udp', port='500')
allow_dest(interface='eth0', ip='0/0', protocol='udp', port='4500')
allow_dest(interface='eth0', ip='0/0', protocol='esp')
...
allow_dest(interface='%%interface', ip='%%ip_address/%%netmask_address', port='%%arv_port')
allow_dest(interface='%%interface', ip='%%ip_address/%%netmask_address', protocol='icmp', typ='echo-request')
allow_dest(interface='eth0', ip='%%ip_etab/%%ip_etab.netmask_source_etab', protocol='ipsec', dest_port='%%ip_etab.port_dest_etab')

à remplacer par allow_src


Related issues

Related to conf-sphynx - Anomalie #3567: corriger les règles allow_dest eole-firewall Fermé 06/05/2012

History

#1 Updated by Fabrice Barconnière over 7 years ago

allow_src(interface='eth0', ip='0/0', protocol='esp') :

Traceback (most recent call last):
  File "/usr/share/eole/bastion/bin/bastion", line 5, in <module>
    write_rules()
  File "/usr/share/eole/bastion/processor.py", line 10, in write_rules
    frules.write(str(rule)+'\n')
  File "/usr/share/eole/bastion/fwobjects.py", line 297, in __str__
    return getattr(self, '_build_'+self.mimetype+'_'+dest+'_'+self.filter_type)()
  File "/usr/share/eole/bastion/fwobjects.py", line 279, in _build_root_src_allow
    raise Exception("Protocol %s not supported in _build_root_src_allow"%self.protocol)
Exception: Protocol esp not supported in _build_root_src_allow

#2 Updated by Fabrice Barconnière over 7 years ago

  • % Done changed from 90 to 0

#3 Updated by Joël Cuissinat over 7 years ago

  • Status changed from Nouveau to Résolu
  • Assigned To set to Joël Cuissinat
  • % Done changed from 0 to 100

Résolu par commit c1ba593f

#4 Updated by Fabrice Barconnière over 7 years ago

  • Status changed from Résolu to Fermé

Also available in: Atom PDF