Admin Restrictions - Limit Connection Attempts leads to no firewall (WebUI bug -> security problem)
Issue #44
resolved
freshtomato-WS880-ARM_NG-2020.3-AIO-64K.trx
Total / Free NVRAM 64.00 KB / 25.74 KB
On /admin-access.asp, Admin Restrictions - Limit Connection Attempts allows entering a count up to 100. However, a value larger than 19 leads to a failure to reload the filter table rules. The failure is in no way reflected in the web UI. If the router is subsequently rebooted, it is left without a firewall.
Log record is:
Jun 7 16:48:21 router user.crit preinit[1]: Error while loading rules. See /etc/iptables.error file.
Jun 7 16:48:21 router kern.info kernel: xt_recent: hitcount (100) is larger than packets to be remembered (20)
Note that the value in the iptables rule is 1 greater than the entered value, so the field should be limited to 19. For example, if the entered count is 19 for every 30 seconds, then the created iptables rule is:
-A shlimit -m recent --update --seconds 30 --hitcount 20 --name shlimit --rsource -j DROP
Comments (1)
repo owner
Admin Restrictions: change permitted value for Limit Connections Attempts (fixes #44) → <<cset bbc3c7369e99>>
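A pre-reboot check for the failure described in this issue, as an added example that is not part of the original report or the FreshTomato code base: it scans a rules file for `-m recent` rules whose `--hitcount` exceeds the xt_recent limit. The function names are hypothetical, and the limit is read from the xt_recent `ip_pkt_list_tot` module parameter, with 20 (the value in the log record above) assumed as the fallback.

```shell
#!/bin/sh
# Added example (hypothetical helper names). The limit is xt_recent's
# ip_pkt_list_tot module parameter; 20 is assumed when sysfs is unreadable.
recent_limit() {
    p=/sys/module/xt_recent/parameters/ip_pkt_list_tot
    if [ -r "$p" ]; then cat "$p"; else echo 20; fi
}

# check_hitcount FILE [LIMIT]: print every "-m recent" rule whose --hitcount
# exceeds LIMIT; return 1 if any was found, 0 otherwise.
check_hitcount() {
    limit=${2:-$(recent_limit)}
    awk -v limit="$limit" '
        /-m recent/ {
            for (i = 1; i < NF; i++)
                if ($i == "--hitcount" && $(i + 1) + 0 > limit + 0) {
                    printf "line %d: hitcount %d > %d: %s\n", NR, $(i + 1), limit, $0
                    bad = 1
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Largest count the web UI field may accept: the generated rule uses the
# entered count plus one, so the answer is LIMIT - 1.
max_ui_count() {
    limit=${1:-$(recent_limit)}
    echo $((limit - 1))
}

# Constructed sample: the rule from the report (entered count 19) and the
# rule that an entered count of 100 would produce.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-A shlimit -m recent --update --seconds 30 --hitcount 20 --name shlimit --rsource -j DROP
-A shlimit -m recent --update --seconds 30 --hitcount 101 --name shlimit --rsource -j DROP
EOF
check_hitcount "$sample" 20 || echo "ruleset would fail to load; firewall missing after reboot"
rm -f "$sample"
```

Running the check against the generated rules before a reboot surfaces the condition that the web UI does not report.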