Hi Klaus,
I may have found a security problem in SuSE personal firewall 1.1-4. Other versions might be affected as well.
Description:
condition: REJECT_ALL_INCOMING_CONNECTIONS=modem in /etc/rc.config.d/security.rc.config
affected file: /sbin/SuSEpersonal-firewall
In line 310 RAIC is set to "ppp*". This is later passed to iptables (or ipchains) as interface parameter leading to the warning "Warning: wierd character in interface `ppp*' (No aliases, :, ! or *)." in the log.
fix: Set RAIC to "ppp+" instead. The "+" is the proper wildcard for the iptables and ipchains commands.
Questions: Is this in fact a bug or did I miss something? Was a proper rule for the ppp* (ppp0, ppp1, ...) interface created? I did not check.
I think you did... The /sbin/SuSEpersonal-firewall runs two times during boot and each time when some ppp link goes online (from /etc/ppp/ip-up). With each run, it removes the rules from its own chains and sets new ones. To find out which interfaces exist, it does

    if [ "$iname" = "modem" ]; then
        RAIC="$RAIC `cd /proc/sys/net/ipv4/conf; echo ppp* `"
    else
        RAIC="$RAIC $iname"
    fi

...which results in the "ppp*" string if there is no interface named ppp* present. The script is written for very fast execution, and echo <pattern> is much faster than an ls <pattern>. Agreed, it's not beautiful, it may be considered a bug, but it's not a problem (except for the log message). Thanks for your mail!
Klaus
Roman.
--
| Roman Drahtmüller
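An added example, not from either mail or from the SuSE script, that reproduces the unmatched-glob behaviour Klaus describes and shows an enumeration that yields nothing when no ppp interface exists. It uses a constructed temporary directory in place of /proc/sys/net/ipv4/conf so it runs offline; the function names (list_ppp_buggy, list_ppp_safe, make_conf_dir) are assumptions for this example.

```shell
# Buggy enumeration, as in the firewall script: when the glob matches
# nothing, the shell leaves "ppp*" literal and that is what gets echoed
# (and later handed to iptables/ipchains as an interface name).
list_ppp_buggy() {
    ( cd "$1" && echo ppp* )
}

# Safer enumeration: expand the glob, but only emit entries that really
# exist, so an unmatched pattern produces an empty string instead of "ppp*".
list_ppp_safe() {
    _d="$1"; _out=""
    for _e in "$_d"/ppp*; do
        [ -e "$_e" ] || continue
        _out="$_out ${_e##*/}"
    done
    printf '%s' "${_out# }"
}

# Constructed fixture standing in for /proc/sys/net/ipv4/conf: always has
# lo and eth0, plus any ppp interface names passed as arguments.
make_conf_dir() {
    _dir=$(mktemp -d)
    mkdir "$_dir/lo" "$_dir/eth0"
    for _i in "$@"; do mkdir "$_dir/$_i"; done
    printf '%s' "$_dir"
}
```

With no ppp directories present, list_ppp_buggy returns the literal "ppp*" while list_ppp_safe returns nothing; with ppp0 and ppp1 present both return "ppp0 ppp1".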