ETH_DEVICE_SKIP doesn't work with VLAN devices

vegar_nilsen
Junior Member
Posts: 2
Joined: 12 Jan 2016, 15:07

ETH_DEVICE_SKIP doesn't work with VLAN devices

Post by vegar_nilsen »

Hi,

we're mounting a backup drive over NFS on a private network. This network is connected through a separate VLAN on a failover bond with two interfaces. When I add bond0.821 to csf.conf:ETH_DEVICE_SKIP I get this error message on "csf -r":

Code:

*WARNING* ETH_DEVICE_SKIP device [bond0.821] not listed in ifconfig

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.
root@host03 [/etc/csf]# less /usr/sbin/csf 
root@host03 [/etc/csf]# ifconfig bond0.821
bond0.821 Link encap:Ethernet  HWaddr 00:25:90:FC:6F:3C  
          inet addr:10.9.12.102  Bcast:10.9.12.255  Mask:255.255.255.0
          inet6 addr: fe80::225:90ff:fefc:6f3c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1659 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:76798 (74.9 KiB)  TX bytes:1082 (1.0 KiB)
To get around this I commented out the device name check in /usr/sbin/csf, like this:

Code:

foreach my $device (split(/\,/,$config{ETH_DEVICE_SKIP})) {
        #if ($ifaces{$device}) {
                &syscommand(__LINE__,"$config{IPTABLES} $verbose -I INPUT  -i $device -j $accept");
                &syscommand(__LINE__,"$config{IPTABLES} $verbose -I OUTPUT -o $device -j $accept");
                if ($config{IPV6}) {
                        &syscommand(__LINE__,"$config{IP6TABLES} $verbose -I INPUT  -i $device -j $accept");
                        &syscommand(__LINE__,"$config{IP6TABLES} $verbose -I OUTPUT -o $device -j $accept");
                }
        #} else {
                #$warning .= "*WARNING* ETH_DEVICE_SKIP device [$device] not listed in ifconfig\n";
        #}
}
After I did this and ran "csf -r" I got the expected result:

Code:

ACCEPT  all opt -- in bond0.821 out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out bond0.821  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt    in bond0.821 out *  ::/0  -> ::/0  
ACCEPT  all opt    in * out bond0.821  ::/0  -> ::/0  
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: ETH_DEVICE_SKIP doesn't work with VLAN devices

Post by ForumAdmin »

The scripts will not like the full stop (.) in the device name which is causing the problem. We'll look into catering for that in the next release.
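Added example (not csf's own code and not written by either poster): a Perl sketch of how an interface-name pattern that excludes "." drops bond0.821 from the parsed ifconfig list, and of a tolerant parse that keeps the existence check so a mistyped entry still gets the warning instead of ACCEPT rules. The pattern csf actually used is not shown in the thread, so `$narrow` is hypothetical, as are the sub names, the sample ifconfig text, the mistyped entry bond0.82l and the character allowlist.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in the legacy net-tools layout shown in the post.
my $ifconfig = <<'EOT';
bond0     Link encap:Ethernet  HWaddr 00:25:90:FC:6F:3C
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1

bond0.821 Link encap:Ethernet  HWaddr 00:25:90:FC:6F:3C
          inet addr:10.9.12.102  Bcast:10.9.12.255  Mask:255.255.255.0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
EOT

# Collect interface names; capture group 1 of the pattern is the name.
sub ifaces {
    my ($text, $re) = @_;
    my %seen;
    for my $line (split /\n/, $text) {
        $seen{$1} = 1 if $line =~ $re;
    }
    return \%seen;
}

# Hypothetical narrow pattern: \w excludes ".", so "bond0.821" never matches.
my $narrow   = qr/^(\w+)\s/;
# Tolerant pattern: token at column 0, optional ":N" alias suffix, and an
# optional trailing ":" (newer ifconfig layout) left out of the capture.
my $tolerant = qr/^([^\s:]+(?::\d+)?):?\s/;

# Keep the existence check: only names made of a conservative character set
# (assumption: stricter than the kernel requires, at most 15 characters) that
# are present on the host may reach an iptables command line.
sub check_skip {
    my ($list, $present) = @_;
    my (@ok, @warn);
    for my $dev (split /,/, $list) {
        if ($dev =~ m{^[A-Za-z0-9_.:-]{1,15}\z} && $present->{$dev}) { push @ok, $dev }
        else { push @warn, "*WARNING* ETH_DEVICE_SKIP device [$dev] not listed in ifconfig" }
    }
    return (\@ok, \@warn);
}

for my $case (['narrow', $narrow], ['tolerant', $tolerant]) {
    my ($ok, $warn) = check_skip('bond0.821,bond0.82l', ifaces($ifconfig, $case->[1]));
    print "$case->[0]: accept rules for [@$ok]\n";
    print "$case->[0]: $_\n" for @$warn;
}
```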
vegar_nilsen
Junior Member
Posts: 2
Joined: 12 Jan 2016, 15:07

Re: ETH_DEVICE_SKIP doesn't work with VLAN devices

Post by vegar_nilsen »

ForumAdmin wrote: The scripts will not like the full stop (.) in the device name which is causing the problem. We'll look into catering for that in the next release.
Thanks, that would be great.
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: ETH_DEVICE_SKIP doesn't work with VLAN devices

Post by ForumAdmin »

This should hopefully have been addressed in v8.09 which we have just released:
http://blog.configserver.com