Project

General

Profile

Actions

Bug #5848

closed

Downloaded rules data validation

Added by Alex Vergilis almost 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Category:
Rules / NAT
Target version:
Start date:
02/06/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Occasionally, data is not properly downloaded from internet based sources, and rules cannot be generated with errors similar to:

php-fpm[]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: file "/etc/bogons" contains bad data - The line in question reads [19]: table <bogons> persist file "/etc/bogons" 
php-fpm[]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:202: syntax error - The line in question reads [X]: pass  in  quick  on $IPsec inet proto tcp  from $Network1 to $Network2 port $Ports tracker 123 flags S/SA keep state  label "USER_RULE" 
  • If there are errors downloading the data, configurable attempts should be made to retry until successful data downloads or the number of attempts is exhausted. (with a configurable pause between attempts)
  • If data is not in the expected format, for ports or cidr blocks, it should not be saved. (i.e. a 404/503 error text)
  • If the rule points to an empty (or invalid) data file, it should not be loaded.
Actions

Also available in: Atom PDF