[pve-devel] firewall: Razor Macro broken and opens Firewall
Thomas Lamprecht
t.lamprecht at proxmox.com
Sat Mar 30 17:42:39 CET 2019
On 3/30/19 5:04 PM, Tom Weber wrote:
> Hi, in the middle of a weekend migration I realized that the 'Razor'
> Macro is broken and basically disables ALL firewalling for a Container,
> at least when used in a Security Group.
>
> Looking at Firewall.pm
> ..
> 'RNDC' => [
> "BIND remote management protocol",
> { action => 'PARAM', proto => 'tcp', dport => '953' },
> ],
> 'Razor' => [
> "Razor Antispam System",
> { action => 'ACCEPT', proto => 'tcp', dport => '2703' },
> ],
> 'Rdate' => [
> "Remote time retrieval (rdate)",
> { action => 'PARAM', proto => 'tcp', dport => '37' },
> ],
> ..
>
> The Problem seems obvious (might have even missed that one myself when
> I was working on this some time ago).
thanks for catching, was introduced quite a bit ago:
https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=857f62c833a604eb8399467a94d325c1994367eb;hp=8c32a215951ba04399f29ef651bdf8dc3fdd3011
>
> As mentioned, I'm in the middle of a bigger migration so just a short
> notice and no patch (fix seems obvious)...
>
> I consider this serious because it silently disables ALL firewalling
> (at least for me). Even though Razor Macro probably isn't used often.
>
yes, it's probably not used often, still not nice to have, pushed out a
fix for this, thanks again!
cheers,
Thomas
> Regards,
> Tom
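
A lint check for the defect class reported in this thread, as an added example that is not part of the original messages or of pve-firewall: it scans macro definitions in the format quoted above and reports any rule whose action is not the 'PARAM' placeholder used by the neighbouring entries. The function name, the regexes and the rule that every macro entry should carry 'PARAM' are assumptions of this example; the sample is the excerpt quoted in the thread.

```python
import re

# Sample input: the macro excerpt quoted in the thread, embedded as Perl source text.
SAMPLE = r"""
    'RNDC' => [
        "BIND remote management protocol",
        { action => 'PARAM', proto => 'tcp', dport => '953' },
    ],
    'Razor' => [
        "Razor Antispam System",
        { action => 'ACCEPT', proto => 'tcp', dport => '2703' },
    ],
    'Rdate' => [
        "Remote time retrieval (rdate)",
        { action => 'PARAM', proto => 'tcp', dport => '37' },
    ],
"""

# Assumed layout: 'Name' => [ opens a macro, each { ... } on a line is one rule.
MACRO_START = re.compile(r"^\s*'([^']+)'\s*=>\s*\[")
RULE = re.compile(r"\{([^{}]*)\}")
ACTION = re.compile(r"\baction\s*=>\s*['\"]([^'\"]*)['\"]")


def find_literal_actions(source, placeholder="PARAM"):
    """Return (macro, line_no, action) for each rule whose action is not the
    placeholder. A rule with no action key is reported with action None."""
    findings = []
    macro = None
    for line_no, line in enumerate(source.splitlines(), 1):
        start = MACRO_START.match(line)
        if start:
            macro = start.group(1)
        for body in RULE.findall(line):
            found = ACTION.search(body)
            action = found.group(1) if found else None
            if action != placeholder:
                findings.append((macro, line_no, action))
    return findings


if __name__ == "__main__":
    for macro, line_no, action in find_literal_actions(SAMPLE):
        print(f"line {line_no}: macro {macro!r} has action {action!r}, expected 'PARAM'")
```

Run against the full macro table in a pre-commit or CI step, a non-empty result fails the build before a hard-coded action ships.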