Bug 1596304

Summary: strip or reject non-printable characters (e.g. carriage return) in --add-rich-rule
Product: Red Hat Enterprise Linux 8
Component: firewalld
Version: 8.2
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Target Milestone: rc
Target Release: 8.3
Hardware: Unspecified
OS: Unspecified
Fixed In Version: firewalld-0.8.2-6.el8
Doc Type: Bug Fix
Type: Bug
Reporter: Ashraf <ashrafsayedgomaa>
Assignee: Eric Garver <egarver>
QA Contact: Štěpán Němec <snemec>
CC: ashrafsayedgomaa, egarver, rkhan, todoleza
Keywords: Reopened, Triaged, Upstream
Last Closed: 2021-05-18 14:58:48 UTC

Doc Text:
Cause: non-printable characters were permitted in rich rules
Consequence: displaying the rules may cause artifacts such as breaking the rule across two lines.
Fix: strip non-printable characters from the rich rule string
Result: rich rules are now displayed correctly.

Description
Ashraf
2018-06-28 14:46:03 UTC
Can you provide an example of the improperly formatted input so I can reproduce this? As of now I'm unable to reproduce the issue.

As per comment 2 there is insufficient data to reproduce this issue.

http://atyourserver.com/ip/ip.txt this text file import in curl will cause all connections to server to be blocked, you will not be able to access server but physically by connecting keyboard

Thanks for providing the "bad" file. This occurs due to the carriage returns in the file. You can avoid it by running dos2unix on the file, e.g.

    for i in $(curl "https://www.cloudflare.com/ips-v4" | dos2unix); do
        sudo firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="'"$i"'" port port=80 protocol=tcp accept'
    done

However, firewalld should be smart enough to strip non-printable characters from the string given to --add-rich-rule. So I'll reopen this BZ for that purpose.

This is a minor issue and there are no plans to fix this in RHEL-7. It can be worked around by sanitizing the input. Moving to RHEL-8.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (firewalld bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1643
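
The "sanitize the input" workaround discussed in this bug, as an added example (not firewalld's code and not posted by anyone in this report). It goes one step past dos2unix by validating every entry as a network before building a rule. The sample bytes and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a CRLF-terminated list like the "bad" file in this bug,
# plus one blank line, one bare host and one junk entry.
SAMPLE = b"192.0.2.0/24\r\n198.51.100.0/24\r\n\r\n203.0.113.7\r\nnot-an-address\r\n"


def strip_nonprintable(text):
    """Drop every non-printable character (CR, LF, NUL, ESC, ...)."""
    return "".join(ch for ch in text if ch.isprintable())


def clean_networks(raw):
    """Split a fetched list into (valid networks, rejected entries)."""
    networks, rejected = [], []
    for line in raw.decode("ascii", errors="replace").split("\n"):
        entry = strip_nonprintable(line).strip()
        if not entry:
            continue
        try:
            # strict=True also rejects entries with host bits set, e.g. 192.0.2.1/24
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append(entry)
    return networks, rejected


def rich_rule(net, port=80, protocol="tcp"):
    """Build the rich rule from the workaround loop for a validated network."""
    family = "ipv4" if net.version == 4 else "ipv6"
    return (f'rule family="{family}" source address="{net}" '
            f'port port={port} protocol={protocol} accept')


def firewall_cmd_argv(net):
    """argv list for subprocess.run(); no shell, so no quoting to get wrong."""
    return ["firewall-cmd", "--permanent", "--zone=public",
            "--add-rich-rule", rich_rule(net)]


if __name__ == "__main__":
    nets, bad = clean_networks(SAMPLE)
    for net in nets:
        print(" ".join(firewall_cmd_argv(net)))  # printed only, not executed
    for entry in bad:
        print("rejected:", repr(entry))
```

Rejected entries are worth logging rather than silently dropping, since a list that suddenly fails validation usually means the upstream file changed format.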