Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CMD_CYCLE_OPEN for multiple ports #327

Open
EDEADLINK opened this issue Mar 16, 2021 · 0 comments
Open

CMD_CYCLE_OPEN for multiple ports #327

EDEADLINK opened this issue Mar 16, 2021 · 0 comments

Comments

@EDEADLINK
Copy link

EDEADLINK commented Mar 16, 2021
edited

I am using CMD_CYCLE_OPEN to make fwknopd play nice with nftables,
like so:

CMD_CYCLE_TIMER     30s
CMD_CYCLE_OPEN      /usr/sbin/nft add element inet filter fwknop_allow { $IP . $PROTO . $PORT timeout 30s expires 30s }
CMD_CYCLE_CLOSE     __NONE__

and for a single port this works fine.
But if I use -A tcp/22,udp/60000 or similar the open command is only run for the first port i.e. tcp/22.
I was expecting CMD_CYCLE_OPEN to be executed once for every port in the protocol/port list.

Using -T it looks like it sends the list correctly
Message String: <redacted ip>,tcp/22,udp/60000

The server is running fwknopd 2.6.10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@EDEADLINK