Recent content by buzzzo | FWCloud Forum


  1. B

    Fwcloud hangs on boot

    I've installed fwcloud-agent on an AlmaLinux 8.8, agent is wcloud-agent-1.3.1-1.x86_64. During boot the fwcloud systemd unit file hangs forever. What I've noticed: 1) there is no timeout in the unit, meaning that the unit does not exit and lets the system hang 2) the after and want parameters are...
  2. B

    Keepalived support

    Hi, I'm playing around with clusters. How is the keepalived plugin managed inside the firewall/cluster? Thx
  3. B

    Strange issue with firewall rules

    No, 172.16.1.109 is just another VM on the same subnet (layer 2). No routing is involved between the 2 parts.
  4. B

    Strange issue with firewall rules

    Hi, After this log: [Jan10 09:20] RULE ID 874 [REJECT] IN=ens192 OUT= MAC=00:50:56:a4:16:d2:aa:00:00:18:8f:2e:08:00 SRC=172.16.1.109 DST=172.16.1.103 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23244 DF PROTO=TCP SPT=41230 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 I'm not too sure it would be a fortigate's...
  5. B

    Strange issue with firewall rules

    Thx, what are the risks of converting the firewall to "stateless"? I'm just using fwcloud as a host firewall, so maybe I could disable the stateful feature.
  6. B

    Strange issue with firewall rules

    Thx, issue #2 seems related to this. I'm investigating a little bit for issue 1. Thx for your help
  7. B

    Strange issue with firewall rules

    WCloud.net - Loading firewall policy generated: Mon Jan 09 2023 18:09:27 GMT+0100 (Central European Standard Time) # Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them # Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them # Warning: ip6tables-legacy...
  8. B

    Strange issue with firewall rules

    One interesting thing I've noted: 1) every firewall VM is behind a "real" firewall (Fortinet or WatchGuard), so to reach the fwcloud firewall (aka the VM) one should traverse the "real" firewall (please excuse me for using the term "real", it's just for simplicity) 2) so test1: go from my lan to...
  9. B

    Strange issue with firewall rules

    I've responded above; I've grouped the ports to be allowed in one rule, which is translated into a dport iptables rule.
  10. B

    Strange issue with firewall rules

    Actually only on some ports, but it could simply be related to the fact that these ports are the ones widely used (mainly https)
  11. B

    Strange issue with firewall rules

    ip a output: ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP>...
  12. B

    Strange issue with firewall rules

    I've created the rule to target the issue more specifically: 1) rule 1: permit port (e.g. 443 tcp) on the interface xyz 2) rule 2: deny all in on interface xyz. But the same happens with the default catchall rule. The firewall is stateful (aka: in the firewall options I specify stateful), I've not...
  13. B

    Strange issue with firewall rules

    This issue is on vmware. log: [17931697.958436] RULE ID 874 [REJECT] IN=ens192 OUT= MAC=00:50:56:a4:16:d2:00:00:5e:00:01:36:08:00 SRC=3.238.30.45 DST=172.16.1.103 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=0 DF PROTO=TCP SPT=42526 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 Rule 874 is a custom "catchall"...
  14. B

    Strange issue with firewall rules

    Another strange issue related to another host. Simple rule to permit inbound port 4343 tcp. The kernel logs it as denied (catchall rule) even if in reality it is not blocked. Same issue for port 443 on another host. This kind of behaviour is "cross" hypervisor, happens both on proxmox and on vmware, on...