[pve-devel] firewall: Razor Macro broken and opens Firewall
Tom Weber
pve at junkyard.4t2.com
Sat Mar 30 17:04:14 CET 2019
Hi, in the middle of a weekend migration i realized that the 'Razor'
Macro is broken and basically disables ALL firewalling for a Container,
at least when used in a Security Group.
Looking at Firewall.pm
..
'RNDC' => [
"BIND remote management protocol",
{ action => 'PARAM', proto => 'tcp', dport => '953' },
],
'Razor' => [
"Razor Antispam System",
{ action => 'ACCEPT', proto => 'tcp', dport => '2703' },
],
'Rdate' => [
"Remote time retrieval (rdate)",
{ action => 'PARAM', proto => 'tcp', dport => '37' },
],
..
The Problem seems obvious (might have even missed that one myself when
I was working on this some time ago).
As mentioned, I'm in the middle of a bigger migration so just a short
notice and no patch (fix seems obvious)...
I consider this serious because it silently disables ALL firewalling
(at least for me). Even though Razor Macro probably isn't used often.
Regards,
Tom
More information about the pve-devel
mailing list