Re: Trou dans un firewall (iptables nftable)

[NoSpam <no-spam@tootai.net>]

Ils n'arrivent jamais plus loin que mangle INPUT qui est avant la table 
nat et filter

Le 03/07/2023 à 15:00, BERTRAND Joël a écrit :
> Thomas Trupel a écrit :
> > C'est un comportement normal à mes yeux.
> >
> > L'ajout d'une règle avec la target TRACE devrait te confirmer que les
> > paquets sont bloqués par le firewall.
> J'obtiens ceci :
>
> 2023-07-03T14:37:45.868470+02:00 rayleigh kernel: [705875.038988] TRACE:
> raw:PREROUTING:policy:2 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=109.248.149.209
> DST=192.168.15.18 LEN=442 TOS=0x00 PREC=0x00 TTL=45 ID=10988 DF
> PROTO=UDP SPT=5256 DPT=5060 LEN=422
> 2023-07-03T14:37:45.868494+02:00 rayleigh kernel: [705875.039009] TRACE:
> mangle:PREROUTING:policy:1 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=109.248.149.209
> DST=192.168.15.18 LEN=442 TOS=0x00 PREC=0x00 TTL=45 ID=10988 DF
> PROTO=UDP SPT=5256 DPT=5060 LEN=422
> 2023-07-03T14:37:45.868497+02:00 rayleigh kernel: [705875.039019] TRACE:
> nat:PREROUTING:policy:1 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=109.248.149.209
> DST=192.168.15.18 LEN=442 TOS=0x00 PREC=0x00 TTL=45 ID=10988 DF
> PROTO=UDP SPT=5256 DPT=5060 LEN=422
> 2023-07-03T14:37:45.868498+02:00 rayleigh kernel: [705875.039035] TRACE:
> mangle:INPUT:policy:1 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=109.248.149.209
> DST=192.168.15.18 LEN=442 TOS=0x00 PREC=0x00 TTL=45 ID=10988 DF
> PROTO=UDP SPT=5256 DPT=5060 LEN=422
> raw:PREROUTING:policy:2 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=94.102.61.29
> DST=192.168.15.18 LEN=279 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=UDP
> SPT=38996 DPT=5060 LEN=259
> 2023-07-03T14:51:17.795018+02:00 rayleigh kernel: [706686.983258] TRACE:
> mangle:PREROUTING:policy:1 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=94.102.61.29
> DST=192.168.15.18 LEN=279 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=UDP
> SPT=38996 DPT=5060 LEN=259
> 2023-07-03T14:51:17.795021+02:00 rayleigh kernel: [706686.983268] TRACE:
> nat:PREROUTING:policy:1 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=94.102.61.29
> DST=192.168.15.18 LEN=279 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=UDP
> SPT=38996 DPT=5060 LEN=259
> 2023-07-03T14:51:17.795022+02:00 rayleigh kernel: [706686.983282] TRACE:
> mangle:INPUT:policy:1 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=94.102.61.29
> DST=192.168.15.18 LEN=279 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=UDP
> SPT=38996 DPT=5060 LEN=259
> 2023-07-03T14:56:40.474426+02:00 rayleigh kernel: [707009.669233] TRACE:
> raw:PREROUTING:policy:2 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=45.155.91.23
> DST=192.168.15.18 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=29434 PROTO=TCP
> SPT=47506 DPT=5060 SEQ=68748134 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
> OPT (020405A0)
> 2023-07-03T14:56:40.474447+02:00 rayleigh kernel: [707009.669262] TRACE:
> mangle:PREROUTING:policy:1 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=45.155.91.23
> DST=192.168.15.18 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=29434 PROTO=TCP
> SPT=47506 DPT=5060 SEQ=68748134 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
> OPT (020405A0)
> 2023-07-03T14:56:40.474452+02:00 rayleigh kernel: [707009.669274] TRACE:
> nat:PREROUTING:policy:1 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=45.155.91.23
> DST=192.168.15.18 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=29434 PROTO=TCP
> SPT=47506 DPT=5060 SEQ=68748134 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
> OPT (020405A0)
> 2023-07-03T14:56:40.474454+02:00 rayleigh kernel: [707009.669289] TRACE:
> mangle:INPUT:policy:1 IN=wan0 OUT=
> MAC=50:46:5d:72:ef:a2:60:a4:b7:73:c9:26:08:00 SRC=45.155.91.23
> DST=192.168.15.18 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=29434 PROTO=TCP
> SPT=47506 DPT=5060 SEQ=68748134 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
> OPT (020405A0)
>
> 	Où voit-on que ces paquets sont bloqués ?
>
> 	Bien cordialement,
>
> 	JKB