VICIBOX 10 & Firewall
Posted:
Sun Sep 19, 2021 7:06 am
by kashinc
Has anyone got the dynamic firewall working on version 10 yet???
Re: VICIBOX 10 & Firewall
Posted:
Tue Sep 21, 2021 10:54 pm
by carpenox
Re: VICIBOX 10 & Firewall
Posted:
Tue Sep 28, 2021 10:43 pm
by kashinc
Hey,
I did try this and had zero luck....
did it in this order as well
firewall-cmd --permanent --new-ipset=whiteips --type=hash:ip
firewall-cmd --permanent --new-ipset=whitenets --type=hash:ip
firewall-cmd --permanent --new-ipset=dynamic --type=hash:ip
firewall-cmd --permanent --new-ipset=blackips --type=hash:ip
firewall-cmd --reload
- then added this to the bottom of my crontab as the only firewall entry
@reboot /usr/bin/VB-firewall --dynamic --whitelist=ViciWhite
* * * * * /usr/bin/VB-firewall --dynamic --whitelist-ViciWhite
- I then ran this
/usr/bin/VB-firewall --dynamic --white
rebooted... once the reboot is done the box won't let me SSH from the external net at all.... something is missing... I need to get this working, let me know what I can do to help. Half my cluster is 9.03 and the other is 10 without a proper firewall.
Re: VICIBOX 10 & Firewall
Posted:
Sun Oct 17, 2021 4:59 am
by kashinc
Has anyone had any luck getting the dynamic portal and whitelist fixed in version 10 yet??? I am debating on going back to 9.0.3
Re: VICIBOX 10 & Firewall
Posted:
Mon Nov 29, 2021 5:48 pm
by kevinhippert
One potential problem is "VB-firewall.pl" does not exist in /usr/bin nor in /usr/local/bin on a clean install of Vicibox 10. Searching the system, I cannot find it anywhere. Not sure if it got pulled because it was breaking things or it is a mistake.
Re: VICIBOX 10 & Firewall
Posted:
Mon Nov 29, 2021 7:25 pm
by carpenox
Search without the .pl
Re: VICIBOX 10 & Firewall
Posted:
Tue Nov 30, 2021 10:45 am
by kevinhippert
Thanks, you are correct, removing .pl found the file in /usr/bin. I did not realize there were situations where "ls" would not sort alphabetically, which is why I did not find it by looking through the "V" files in either directory. More programs should be written with randomly inconsistent behavior, it makes computing more fun.
Re: VICIBOX 10 & Firewall
Posted:
Sun Jan 16, 2022 9:23 pm
by vkad
The error is here
In the dynamic section code when the user logs in through the portal the IP is added to the blacklist because of this incorrect logic.
Code:
doipnetslist(\@dynamicips, $IPBLACK, "X", "DynamicList");
This should be changed to:
Code:
doipnetslist(\@dynamicips, $IPDYNAMIC, "X", "DynamicList");
Re: VICIBOX 10 & Firewall
Posted:
Mon Mar 28, 2022 1:32 pm
by covarrubiasgg
Here is a Patch in case you don't want to manually locate the line and edit the file
Code:
--- VB-firewall 2022-03-26 21:32:35.247713770 -0700
+++ VB-firewall 2022-03-26 21:32:44.244088080 -0700
@@ -760,7 +760,7 @@
if (@dynamicips > 0 ) {
verboseoutput(" DynamicList found " . @dynamicips . " entries in ViciDial");
- doipnetslist(\@dynamicips, $IPBLACK, "X", "DynamicList");
+ doipnetslist(\@dynamicips, $IPDYNAMIC, "X", "DynamicList");
} else { verboseoutput(" No DynamicList entries found in ViciDial"); }
verboseoutput(" DynamicList done!");
}
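Review bot: on the changed doipnetslist() line, the switch from $IPBLACK to $IPDYNAMIC only affects what happens from the next run onward; nothing in this hunk addresses the portal addresses the old call already placed in the black set. It is worth confirming whether a later run of the script removes those entries or whether the black set has to be flushed once after patching, and stating that next to the patch. Separately, the hunk header declares 7 lines on each side but only six are visible here and the indentation has been lost, so this copy may not apply as posted; editing the one line by hand, or updating the package, is the safer route.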
Re: VICIBOX 10 & Firewall
Posted:
Thu Mar 31, 2022 12:55 pm
by Kumba
The fix has been committed to the firewall package. You can do a 'zypper ref && zypper up' to pull it in.