Allowing local ports and remote IPs not working correctly (corrected description)

Open FreePlague opened this issue 4 years ago • 4 comments

I have messed up the #864 issue description. My bad, sorry. The problem still exists. simplewall v3.5.3 x64, default behavior (whitelist), Windows 7 x64, Windows firewall disabled.

When allowing two local ports for two remote IPs for incoming connections, the first local port is allowed for the first remote IP and the second local port for the second remote IP in the lists. But I think it should be all ports for all IPs.

Example rule which allows incoming connections:

Remote:
-1.1.1.1
-2.2.2.2
Local:
-1111
-2222

This rule should allow 4 connections:

-1.1.1.1:*any remote port* to *any local IP*:1111
-1.1.1.1:*any remote port* to *any local IP*:2222
-2.2.2.2:*any remote port* to *any local IP*:1111
-2.2.2.2:*any remote port* to *any local IP*:2222

But instead it allows only 2 connections (like first with first, second with second):

-1.1.1.1:*any remote port* to *any local IP*:1111
-2.2.2.2:*any remote port* to *any local IP*:2222

Seems like a bug to me because this rule works fine:

Remote:
-1.1.1.1
Local:
-1111
-2222

Allowing 2 connections:

-1.1.1.1:*any remote port* to *any local IP*:1111
-1.1.1.1:*any remote port* to *any local IP*:2222

FreePlague, Oct 20 '21 10:10

This rule...

Remote:
1.1.1.1
2.2.2.2
Local:
1111
2222

...should allow 4 connections:

-1.1.1.1:*any remote port* to *any local IP*:1111
-1.1.1.1:*any remote port* to *any local IP*:2222
-2.2.2.2:*any remote port* to *any local IP*:1111
-2.2.2.2:*any remote port* to *any local IP*:2222

No. It is incorrect. Lines are synchronized in pairs.

As an example: the 1.1.1.1 remote was synchronized only with the 1111 local. The same goes for the 2.2.2.2 remote, which is synchronized only with the 2222 local.

In the example below, you use only 1 remote rule and 2 local rules, but simplewall synced the lines anyway.

From this pseudo-rule:

Remote:
1.1.1.1
Local:
1111
2222

Simplewall generates 2 rules. If a pair does not exist, then simplewall uses the previous value of the pair.

Remote:
1.1.1.1
1.1.1.1 <- duplicated
Local:
1111
2222

henrypp, Oct 20 '21 11:10
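Added example (not part of the thread and not simplewall's own code): a small Python model of the line pairing described in the comment above, useful for checking which remote/local combinations a rule really permits before relying on it. The function names and the `*` stand-in for an empty list are assumptions of this model; the last function builds the lists you would have to enter to get every combination under paired semantics.

```python
from itertools import product

ANY = "*"  # model-only stand-in for an empty list (assumption, not simplewall syntax)


def _pad(values, length):
    """Repeat the last value so the list reaches `length` lines."""
    return values + [values[-1]] * (length - len(values))


def paired_expand(remote, local):
    """Pair line i of `remote` with line i of `local`.

    When one list is shorter, its previous (last) value is reused for the
    missing lines, as described in the comment above.
    """
    remote = list(remote) or [ANY]
    local = list(local) or [ANY]
    n = max(len(remote), len(local))
    return list(zip(_pad(remote, n), _pad(local, n)))


def cross_expand(remote, local):
    """Every remote combined with every local (what the reporter expected)."""
    return list(product(list(remote) or [ANY], list(local) or [ANY]))


def not_covered(remote, local):
    """Combinations from the cross product that the paired rule does not allow."""
    allowed = set(paired_expand(remote, local))
    return [pair for pair in cross_expand(remote, local) if pair not in allowed]


def lists_for_all_combinations(remote, local):
    """Paired lists whose line-by-line expansion equals the full cross product."""
    pairs = cross_expand(remote, local)
    return [r for r, _ in pairs], [l for _, l in pairs]


if __name__ == "__main__":
    # Constructed sample input taken from the rule in the issue text.
    remote, local = ["1.1.1.1", "2.2.2.2"], ["1111", "2222"]
    print("paired     :", paired_expand(remote, local))
    print("not covered:", not_covered(remote, local))
    r, l = lists_for_all_combinations(remote, local)
    print("Remote:", r)
    print("Local :", l)
```
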

I've got it. Not obvious behavior. @phaolo2 doesn't get it either. Please consider putting this somewhere in the wiki.

FreePlague, Oct 20 '21 12:10

@FreePlague I think not in the wiki, but in the editor description.

henrypp, Oct 20 '21 12:10

Mm, I see. Unexpected behaviour indeed. Can you allow changing the order of rules, then? (drag & drop or up/down buttons) At the moment we have to redo the entire list.

phaolo2, Oct 20 '21 14:10