personal-server-community / pschecker

Simple security audit script for your personal server
GNU General Public License v3.0

Firewall detection KO #6

Open nicofrand opened 6 years ago

nicofrand commented 6 years ago

Hi,

I can see you added a check about firewalls (\o/):

A firewall should be up and running: KO
* No firewall is running.

However, I do have a firewall running (and I did launch pschecker as root). I use iptables; here is an extract, for example:

# iptables -L                
Chain INPUT (policy DROP)
target     prot opt source               destination         
fail2ban-yunohost  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-nginx  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-postfix  tcp  --  anywhere             anywhere             multiport dports smtp,urd,submission
fail2ban-proftpd  tcp  --  anywhere             anywhere             multiport dports ftp,ftp-data,ftps,ftps-data
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:xmpp-client
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:xmpp-server
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6697
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:mdns
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

It does not appear in ps though:

# ps -ef | grep iptables
root     30478 30474  0 12:00 pts/0    00:00:00 grep iptables

See https://www.linuxquestions.org/questions/linux-networking-3/ps-ef-%7C-grep-iptables-gives-no-result-202088/

gelnior commented 6 years ago

Yes, this check is wrong. I thought that firewalls have a daemon. I have to figure out another way to find out if a firewall is configured.

gelnior commented 6 years ago

I started investigating, but it doesn't seem easy. I think we should do a per-firewall check. For ufw we can check the result of ufw status.

gelnior commented 6 years ago

The ultimate solution would be to be able to analyze tables.

nicofrand commented 6 years ago

Analyzing the tables seems hard: each server has a different configuration (some block some things, others redirect them to a logger, etc.).

gelnior commented 6 years ago

I changed the way the checking is processed. Currently, only ufw is supported. If you have any idea for other firewalls, let me know!

nicofrand commented 6 years ago

Would it be possible to check if iptables seems to be installed with something like which iptables, only display a warning if it is, and explain that we can't actually check if it is running?

gelnior commented 6 years ago

I will have a look and tell you if it's ok.

gelnior commented 6 years ago

It doesn't look simple. I don't know if this check makes sense. Or maybe we should just display a warning if there is no table manager like ufw or firewalld.

See this link about "iptables is running": https://superuser.com/questions/1124317/how-to-verify-if-iptables-is-running-or-the-firewall-is-activated/1124322
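The per-firewall approach discussed above (ufw status for ufw, a presence check for raw iptables that can only warn, since iptables has no daemon for ps to find) can be written as a small set of POSIX sh functions. This is an added example, not pschecker's own code; the function names (classify_ufw, classify_firewalld, classify_iptables, firewall_check) are hypothetical, and the sample outputs embedded below are constructed from the extract posted in this issue.

```shell
#!/bin/sh
# Added example, not pschecker's code. Three classifiers take the text output of
# a firewall tool as $1 and print OK, KO or WARNING; firewall_check picks the
# tool that is actually installed on the host.

# ufw reports its own state, so it can give a definite answer.
classify_ufw() {
    case "$1" in
        *"Status: active"*)   echo OK ;;
        *"Status: inactive"*) echo KO ;;
        *)                    echo WARNING ;;   # e.g. not root, cannot read status
    esac
}

# firewalld: `firewall-cmd --state` prints "running" or "not running".
classify_firewalld() {
    case "$1" in
        running)       echo OK ;;
        "not running") echo KO ;;
        *)             echo WARNING ;;
    esac
}

# Raw iptables has no daemon, so the only evidence is the loaded ruleset in
# `iptables -L` form. A DROP/REJECT default policy on INPUT, or any rule line
# at all, counts as "configured" (OK); an all-ACCEPT, empty table is WARNING,
# since we cannot distinguish "never configured" from "flushed".
classify_iptables() {
    policy=$(printf '%s\n' "$1" | awk '/^Chain INPUT / { gsub(/[()]/, "", $4); print $4 }')
    rules=$(printf '%s\n' "$1" | awk 'NF && $1 != "Chain" && $1 != "target" { n++ } END { print n + 0 }')
    if [ "$policy" = "DROP" ] || [ "$policy" = "REJECT" ] || [ "$rules" -gt 0 ]; then
        echo OK
    else
        echo WARNING
    fi
}

# Try the tools in order of how definite their answer is; KO only when none exists.
firewall_check() {
    if command -v ufw >/dev/null 2>&1; then
        classify_ufw "$(ufw status 2>/dev/null)"
    elif command -v firewall-cmd >/dev/null 2>&1; then
        classify_firewalld "$(firewall-cmd --state 2>/dev/null)"
    elif command -v iptables >/dev/null 2>&1; then
        classify_iptables "$(iptables -L 2>/dev/null)"
    else
        echo KO
    fi
}

# Constructed sample: an abridged version of the iptables -L extract from this issue.
SAMPLE_IPTABLES_CONFIGURED='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: iptables installed but no rules and default ACCEPT everywhere.
SAMPLE_IPTABLES_EMPTY='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

printf 'A firewall should be up and running: %s\n' "$(firewall_check)"
```

The classifiers are kept separate from the host probing so they can be exercised on captured output; firewall_check is the only function that touches the live system and it prefers a tool that knows its own state before falling back to inspecting raw tables.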

ZeHiro commented 6 years ago

firewalld does not always exist either.

gelnior commented 6 years ago

Yep, that's why I propose to put a warning and not a fail message.

gelnior commented 6 years ago

I changed the check so that it only emits warnings instead of errors.

nicofrand commented 6 years ago

Works great, thanks!