On 08/18/2015 02:12 PM, Dick Hollenbeck wrote:
> This is still a problem as of 18-August-2015:
>
> http://vuurmuur-users.narkive.com/1W0jUSnb/existing-ssh-session-being-killed-during-rule-application
>
> I loaded nf_conntrack_ipv4 ahead of time, even logged out and back in, then did the
> vuurmuur startup and it killed my ssh connection.
>
> This makes the vuurmuur package unusable. If there is no remedy soon we'll have to remove
> this package from our embedded distro.
>
>
> # vuurmuur -V
> Vuurmuur 0.8rc1 (using libvuurmuur 0.8rc1)
>
> Again, it's such a disagreeable behaviour that it makes the package unusable.
>
I wonder what a good solution would be.

For example, when you log in over SSH you can get an env var:

SSH_CONNECTION=192.168.1.3 34790 192.168.1.1 22

If you're willing to trust this env var, you could have the init script do a work around. E.g. add a rule for that tuple, or maybe add the conntrack entry manually using the conntrack tool. However, this won't work in all cases. For example sudo strips this env var away.

I guess another way would be to have the interface define a 'management' ip (or port) that operates outside of the conntrack rules (in the raw table perhaps).

Suggestions and/or patches are welcome.
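The SSH_CONNECTION work-around sketched above, written out as an added example (not code from the vuurmuur project or from anyone in this thread): it parses the 4-tuple, prints the stateless accept rule and the conntrack entry that would keep just that session alive, and refuses to act when the variable is missing or malformed, which is what a plain `sudo` produces. The `iptables`/`conntrack` invocations and the `--apply` flag are assumptions, not vuurmuur options.

```shell
#!/bin/sh
# Added example, not part of vuurmuur. Derive the current SSH session's
# 4-tuple from SSH_CONNECTION ("client_ip client_port server_ip server_port",
# as set by OpenSSH) and emit the commands that keep that one session alive
# across a firewall (re)load. Run it after vuurmuur has applied its ruleset,
# since a flush would otherwise remove the rule again.

# Print the accept rule plus the conntrack entry for one SSH_CONNECTION value.
# Returns 1 and prints nothing if the value is absent or malformed (e.g. sudo
# stripped the variable), so the caller never applies a half-built rule.
ssh_keepalive_cmds() {
    conn="$1"
    set -- $conn
    [ $# -eq 4 ] || return 1
    cip=$1; cport=$2; sip=$3; sport=$4
    case "$cport$sport" in *[!0-9]*) return 1 ;; esac
    # Stateless ACCEPT for exactly this tuple, inserted at the top of INPUT,
    # so the state-matching rules below it never see the session as INVALID.
    echo "iptables -I INPUT 1 -p tcp -s $cip --sport $cport -d $sip --dport $sport -j ACCEPT"
    # Pre-seed the conntrack table so the session counts as ESTABLISHED once
    # nf_conntrack_ipv4 is loaded (conntrack-tools syntax, assumed).
    echo "conntrack -I -p tcp -s $cip --sport $cport -d $sip --dport $sport --state ESTABLISHED --timeout 3600"
}

main() {
    cmds=$(ssh_keepalive_cmds "${SSH_CONNECTION:-}") || {
        echo "SSH_CONNECTION unset or malformed (sudo strips it; use 'sudo -E' or env_keep)" >&2
        exit 1
    }
    if [ "$1" = "--apply" ]; then
        echo "$cmds" | sh -e      # run as root; each command must succeed
    else
        echo "$cmds"              # dry run: show what would be applied
    fi
}

# Only act when invoked explicitly, so the file can also be sourced.
case "${1:-}" in --show|--apply) main "$1" ;; esac
```

Without `--apply` it only prints the two commands, which is the safer way to check the parsed tuple before wiring it into an init script.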
