speedway: nochainedterms option rendering false jumps #357

ProtonBruno · 2023-11-01T09:21:18Z

I started testing nochainedterms option for Speedway target and something looks weird to me: after each term we still render a jump statement to the same chain...
Here is the output for a simple 7 terms policy:

:INPUT DROP [0:0]
-A INPUT -p all -m state --state NEW,ESTABLISHED,RELATED -o lo -j ACCEPT
-A INPUT -j INPUT
-A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j INPUT
-A INPUT -p tcp -m multiport --dports 22,5666,9094,9100 -s 192.168.0.0/23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,5666,9094,9100 -s 192.168.128.0/23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,5666,9094,9100 -s 192.168.136.0/23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,5666,9094,9100 -s 192.168.192.0/23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j INPUT
-A INPUT -p udp --dport 9094 -s 192.168.0.0/23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 9094 -s 192.168.128.0/23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 9094 -s 192.168.136.0/23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 9094 -s 192.168.192.0/23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j INPUT
-A INPUT -p tcp --dport 8080 -s 192.168.8.18/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 8080 -s 192.168.72.24/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j INPUT
-A INPUT -p tcp --dport 5045 -s 192.168.17.11/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 5045 -s 192.168.81.59/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 5045 -s 192.168.145.59/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 5045 -s 192.168.160.31/32 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j INPUT
-A INPUT -p all -j LOG --log-prefix INPUT
-A INPUT -p all -j DROP
-A INPUT -j INPUT

iptables target doesn't have the same issue.
Thx for checking.

The text was updated successfully, but these errors were encountered:

ProtonBruno · 2023-11-06T14:56:52Z

must be related to this POSTJUMP_FORMAT : which is not handled in iptables.py

ankenyr added the bug Something isn't working label Nov 7, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

speedway: nochainedterms option rendering false jumps #357

speedway: nochainedterms option rendering false jumps #357

ProtonBruno commented Nov 1, 2023 •

edited

ProtonBruno commented Nov 6, 2023

speedway: nochainedterms option rendering false jumps #357

speedway: nochainedterms option rendering false jumps #357

Comments

ProtonBruno commented Nov 1, 2023 • edited

ProtonBruno commented Nov 6, 2023

ProtonBruno commented Nov 1, 2023 •

edited