[pve-devel] firewall: Razor Macro broken and opens Firewall

Tom Weber pve at junkyard.4t2.com
Sat Mar 30 17:04:14 CET 2019


Hi, in the middle of a weekend migration i realized that the 'Razor'
Macro is broken and basically disables ALL firewalling for a Container,
at least when used in a Security Group.

Looking at Firewall.pm
..
    'RNDC' => [
        "BIND remote management protocol",
        { action => 'PARAM', proto => 'tcp', dport => '953' },
    ],
    'Razor' => [
        "Razor Antispam System",
        { action => 'ACCEPT', proto => 'tcp', dport => '2703' },
    ],
    'Rdate' => [
        "Remote time retrieval (rdate)",
        { action => 'PARAM', proto => 'tcp', dport => '37' },
    ],
..

The Problem seems obvious (might have even missed that one myself when
I was working on this some time ago).

As mentioned, I'm in the middle of a bigger migration so just a short
notice and no patch (fix seems obvious)... 

I consider this serious because it silently disables ALL firewalling
(at least for me). Even though Razor Macro probably isn't used often.

Regards,
  Tom






More information about the pve-devel mailing list