Simplewall: multiple issues found in new 2.3

Created on 19 Jun 2018 · 7 Comments · Source: henrypp/simplewall

1. Rules are limited to 128 bytes now.
The reserved IPs rule is not working anymore:

0.0.0.0/8;10.0.0.0/8;100.64.0.0/10;127.0.0.0/8;169.254.0.0/16;172.16.0.0/12;192.0.0.0/24;192.0.2.0/24;192.88.99.0/24;192.168.0.0/16;198.18.0.0/15;198.51.100.0/24;203.0.113.0/24;224.0.0.0/4;240.0.0.0/4;255.255.255.255/32

::/128;::1/128;::ffff:0:0/96;64:ff9b::/96;100::/64;2001::/32;2001:10::/28;2001:20::/28;2001:db8::/32;2002::/16;fc00::/7;fe80::/10;ff00::/8

2. A broken rule will stop simplewall from blocking apps; you need to make sure your rules are valid.

bug

All 7 comments

It's all working, but the maximum rule length was decreased to 128 words for technical purposes.
You have 359 words.

Did you even test before closing this issue?

Because of the 128 limit, an old-version rule like ::/128;::1/128;::ffff:0:0/96;64:ff9b::/96;100::/64;2001::/32;2001:10::/28;2001:20::/28;2001:db8::/32;2002::/16;fc00::/7;fe80::/10;ff00::/8 will be cut to ::/128;::1/128;::ffff:0:0/96;64:ff9b::/96;100::/64;2001::/32;2001:10::/28;2001:20::/28;2001:db8::/32;2002::/16;fc00::/7;fe80::/1. This rule is invalid because fe80::/1 is invalid and can't be processed, resulting in simplewall not blocking any apps.

Test steps:

  1. Install an old version before 2.3 and add the rule ::/128;::1/128;::ffff:0:0/96;64:ff9b::/96;100::/64;2001::/32;2001:10::/28;2001:20::/28;2001:db8::/32;2002::/16;fc00::/7;fe80::/10;ff00::/8
  2. Close simplewall and upgrade to 2.3, start simplewall, run any blocked app; you will find simplewall didn't block the internet connection.

PS:
RULE_RULE_CCH_MAX should be increased to 256

3. Found another rule bug:
With the rule `<item name="Reserved.ipv4" rule="0.0.0.0/8;10.0.0.0/8;127.0.0.0/8;192.168.0.0/16;224.0.0.0/4;255.255.255.255/32" rule_local="0.0.0.0/8;10.0.0.0/8;127.0.0.0/8;192.168.0.0/16;224.0.0.0/4;255.255.255.255/32" dir="2" is_block="false" is_enabled="true" />` enabled for all apps, I still get log entries like these:
networx.exe,239.255.255.250:1900 (Remote),192.168.1.100:64373 (Local),UDP,simplewall\BlockOutboundConnectionsV4,#297540,OUT,BLOCK
System,0.0.0.0 (Remote),224.0.0.1 (Local),IGMP,simplewall\BlockInboundConnectionsV4,#298701,OUT,BLOCK

Looks like the rule doesn't work at all.

> 3. Found another rule bug:
> With the rule `<item name="Reserved.ipv4" rule="0.0.0.0/8;10.0.0.0/8;127.0.0.0/8;192.168.0.0/16;224.0.0.0/4;255.255.255.255/32" rule_local="0.0.0.0/8;10.0.0.0/8;127.0.0.0/8;192.168.0.0/16;224.0.0.0/4;255.255.255.255/32" dir="2" is_block="false" is_enabled="true" />`

Where is the bug? It's an incorrectly configured rule. _Same remote and same local_ IP means loopback.

Anyway, most loopback addresses (reserved IPs) are included in the "Allow loopback connections" configuration.

> Where is the bug? It's an incorrectly configured rule. Same remote and same local IP means loopback.

But the log shows different IPs.
Do you mean rule and rule_local can't have the same IP?
