
Inspect action still exists in firewall and should be removed
Closed, Resolved | Public | Bug

Description

# set firewall name Foo rule 10 action 
Possible completions:
   drop         Rule action to drop
   reject       Rule action to reject
   accept       Rule action to accept
   inspect      Rule action to inspect

The inspect action was for the IPS/IDS (Snort), which is long gone. It is confusing at best, and possibly network-breaking, because it looks benign but its real effect in the current system is "drop all traffic".
Until we figure out how to get the IPS functionality back, it should not be there.
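Because a rule with action inspect silently drops traffic, an operator who still has such rules in a saved configuration wants to find them before the action disappears from the CLI. The audit script below is an added example and is not code from the ticket or from the vyatta-cfg-firewall repository. It assumes the `set` command form printed by `show configuration commands` (for example `set firewall name WAN-IN rule 10 action 'accept'`), parses every firewall rule action out of a config dump, reports the rules whose action no longer means what it says, and prints the explicit `set ... action 'drop'` command that would make the current behaviour visible. The sample configuration embedded in the script is constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample config in the "set" form printed by `show configuration commands`.
SAMPLE_CONFIG = """\
set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 20 action 'inspect'
set firewall name OUTSIDE-IN rule 20 destination port '22'
set firewall name OUTSIDE-IN rule 20 protocol 'tcp'
set firewall name LAN-OUT rule 5 action 'reject'
set firewall ipv6-name V6-IN rule 10 action 'inspect'
"""

# Matches the per-rule action line for IPv4 ("name") and IPv6 ("ipv6-name") rule sets.
# The quotes around the action are optional so hand-typed lines are accepted too.
RULE_ACTION_RE = re.compile(
    r"^set firewall (?P<family>name|ipv6-name) (?P<ruleset>\S+) "
    r"rule (?P<num>\d+) action '?(?P<action>[a-z]+)'?\s*$"
)

# Actions that still parse but no longer do what their name suggests, mapped to
# the behaviour they actually have. 'inspect' is the case described in the ticket:
# with no IPS present its effective behaviour is a drop.
DEPRECATED_ACTIONS: Dict[str, str] = {"inspect": "drop"}


def parse_rule_actions(config_text: str) -> List[Tuple[str, str, int, str]]:
    """Return (family, ruleset, rule_number, action) for every rule action line."""
    rules = []
    for line in config_text.splitlines():
        m = RULE_ACTION_RE.match(line.strip())
        if m:
            rules.append((m["family"], m["ruleset"], int(m["num"]), m["action"]))
    return rules


def find_deprecated_actions(config_text: str) -> List[Dict[str, object]]:
    """Return one finding per rule whose action is in DEPRECATED_ACTIONS."""
    findings = []
    for family, ruleset, num, action in parse_rule_actions(config_text):
        if action in DEPRECATED_ACTIONS:
            findings.append({
                "family": family,
                "ruleset": ruleset,
                "rule": num,
                "action": action,
                "effective": DEPRECATED_ACTIONS[action],
            })
    return findings


def replacement_command(finding: Dict[str, object]) -> str:
    """Build the 'set' command that states the rule's effective action explicitly."""
    return (f"set firewall {finding['family']} {finding['ruleset']} "
            f"rule {finding['rule']} action '{finding['effective']}'")


def audit_report(config_text: str) -> List[str]:
    """Return human-readable lines describing each finding and its explicit replacement."""
    lines = []
    for f in find_deprecated_actions(config_text):
        lines.append(f"{f['family']} {f['ruleset']} rule {f['rule']}: action '{f['action']}' "
                     f"currently behaves as '{f['effective']}'; make it explicit with: "
                     f"{replacement_command(f)}")
    return lines


if __name__ == "__main__":
    for line in audit_report(SAMPLE_CONFIG):
        print(line)
```

To run it against a live system, save the output of `show configuration commands` to a file and pass its contents to `audit_report` instead of `SAMPLE_CONFIG`. Whether a flagged rule should become an explicit drop, an accept, or a reject is a policy decision the script deliberately leaves to the operator; it only makes the hidden behaviour visible.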

Details

Difficulty level
Easy (less than an hour)
mickvav added a subscriber: mickvav. May 4 2016, 3:09 PM

Did you run into some trouble with snort? Are there any discussions on this topic somewhere?

N.B. Maybe just change the code to do '-j LOG' on this action, if snort is not an option?

syncer assigned this task to hagbard. Sat, Oct 20, 4:35 AM
syncer changed the subtype of this task from "Task" to "Bug". Sat, Oct 20, 4:51 AM

https://github.com/vyos/vyatta-cfg-firewall/commit/d4799d1715fc3177b84d66af406fa3028a95d254
pkg checked out ok in ci, tested and verified locally in 1.2.0-rolling+201810211757.

hagbard closed this task as Resolved. Fri, Oct 26, 7:07 PM