Aside from aesthetic and functional improvements (hosts can now be enabled/disabled), there was an issue where, no matter how many times we updated the data, if the IPFire firewall wasn’t restarted, it wouldn’t recognize the change and wouldn’t function properly.
A soft restart was performed with the command:
    /usr/local/bin/firewallctrl
Faster than a full restart
No interruptions to established connections
Official IPFire method for reloading rules (I think)
A first look at the source shows 2 (little?) problems
the check for valid IP isn’t complete
general_functions.pl (the method used throughout IPFire) reads
    sub validip
    {
        my $ip = $_[0];
        if (!($ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/)) {
            return 0;
        } else {
            my @octets = ($1, $2, $3, $4);
            foreach $_ (@octets) {
                if (/^0./) { return 0; }
                if ($_ < 0 || $_ > 255) { return 0; }
            }
            return 1;
        }
    }
the lookup function catches the last ‘Address:’ line of nslookup only. This may not be the requested information.
example: nslookup heise.de yields the following address lines