awall does not allow DNS queries
The policy file contains this filter:
...
"filter": [
{
"out": "_fw",
"service": "dns",
"action": "accept",
"flow-limit": { "count": 100, "interval": 1 }
}
]
...
awall-1.2.4-r0 (Alpine 3.2) used to generate these rules:
-A limit-dns-0 -m hashlimit --hashlimit-upto 100/second --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-dns-0 -j ACCEPT
-A limit-dns-1 -m hashlimit --hashlimit-upto 100/second --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-dns-1 -j ACCEPT
However, awall-1.4.3-r0 (Alpine 3.6) generates different rules, with -j RETURN instead of -j ACCEPT:
-A limit-dns-0 -m hashlimit --hashlimit-upto 100/second --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-dns-0 -j RETURN
-A limit-dns-1 -m hashlimit --hashlimit-upto 100/second --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-dns-1 -j RETURN
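A small check for the difference described above, added here as an example and not part of the issue or of awall itself: it parses rules in iptables-save syntax and lists any hashlimit (flow-limit) chain whose within-limit rule does not terminate in ACCEPT, so a ruleset regenerated after an awall upgrade can be compared against the expected behaviour. The sample rulesets are the two quoted in the report.

```python
import shlex

# Rules quoted in the report: awall-1.2.4-r0 output (ACCEPT) and awall-1.4.3-r0 output (RETURN).
RULES_OLD = """
-A limit-dns-0 -m hashlimit --hashlimit-upto 100/second --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-dns-0 -j ACCEPT
-A limit-dns-1 -m hashlimit --hashlimit-upto 100/second --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-dns-1 -j ACCEPT
"""
RULES_NEW = """
-A limit-dns-0 -m hashlimit --hashlimit-upto 100/second --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-dns-0 -j RETURN
-A limit-dns-1 -m hashlimit --hashlimit-upto 100/second --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-dns-1 -j RETURN
"""


def parse_rule(line):
    """Parse one '-A <chain> ... -j <target>' rule into (chain, options, target).

    Long options with a value ('--hashlimit-upto 100/second') are collected
    into a dict; anything else ('-m hashlimit') is skipped. Non-rule lines
    such as 'COMMIT' or '*filter' return None.
    """
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    chain, target, opts = tokens[1], None, {}
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        if tok == "-j" and has_value:
            target = tokens[i + 1]
            i += 2
        elif tok.startswith("--") and has_value:
            opts[tok[2:]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return chain, opts, target


def broken_flow_limit_chains(ruleset):
    """Return (chain, target) for hashlimit rules whose target is not ACCEPT.

    Per the report, the within-limit rule of a flow-limit chain is expected
    to ACCEPT; a RETURN here is the regression the reporter observed.
    """
    broken = []
    for line in ruleset.strip().splitlines():
        parsed = parse_rule(line)
        if parsed and "hashlimit-upto" in parsed[1] and parsed[2] != "ACCEPT":
            broken.append((parsed[0], parsed[2]))
    return broken
```

Feed it the output of `iptables-save` from the host; an empty result for every flow-limit chain means the generated rules match the 1.2.4 behaviour.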
(from redmine: issue id 7456, created on 2017-06-28, closed on 2019-05-03)
- Changesets:
- Revision f11784f300bba239ec4001a7d323ea828deb72b1 by Kaarle Ritvanen on 2017-06-29T17:59:19Z:
Filter: fix regression with flow-limit and no-track
fixes #7456