Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
After the v24.02.0 release I noticed that the firewall is not being opened, which should be done with ufw_allow_viewer.sh using the ARKIME_PACKET_ACL variable.
I can see the variable is being set correctly, but ufw status does not show the entry being made. This means that requesting packet payloads in Arkime sessions from Hedgehog on a Pi does not work. It does work if the port is opened manually:
sudo ufw allow from 172.16.0.20/32 proto tcp to any port 8005
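
A way to confirm the symptom described in this report, as an added example that is not part of the original report or of Malcolm's own scripts: it parses `ufw status` text and lists the sources that have no ALLOW rule on the viewer port. The function names and both status samples are constructed for illustration; the check accepts a host source printed with or without its /32 mask.

```shell
#!/bin/sh
# Constructed sample: `ufw status` text with no rule for the viewer port.
SAMPLE_BEFORE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere'

# Constructed sample: status text once the manual rule from the report exists.
SAMPLE_AFTER="$SAMPLE_BEFORE
8005/tcp                   ALLOW       172.16.0.20"

# ufw_has_allow PORT PROTO SRC  (hypothetical helper; status text on stdin)
# Returns 0 when an ALLOW rule for PORT/PROTO from SRC is listed.
ufw_has_allow() {
    port=$1 proto=$2 src=${3%/32}
    awk -v to="$port/$proto" -v src="$src" '
        $1 == to && $2 == "ALLOW" {
            # Scan the remaining fields so "ALLOW IN" (verbose) also matches.
            for (i = 3; i <= NF; i++)
                if ($i == src || $i == (src "/32")) found = 1
        }
        END { exit !found }'
}

# ufw_missing_sources STATUS PORT PROTO SRC...  (hypothetical helper)
# Prints every SRC without a matching rule; returns 1 if any is missing.
ufw_missing_sources() {
    status=$1 port=$2 proto=$3
    shift 3
    rc=0
    for s in "$@"; do
        if ! printf '%s\n' "$status" | ufw_has_allow "$port" "$proto" "$s"; then
            echo "$s"
            rc=1
        fi
    done
    return $rc
}

# Live use on the sensor (needs root):
#   ufw_missing_sources "$(sudo ufw status)" 8005 tcp 172.16.0.20/32
```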