Core Update 139: fix syntax of generated Suricata DNS server file [master]
author Peter Müller <peter.mueller@ipfire.org>
Fri, 13 Dec 2019 17:28:00 +0000 (17:28 +0000)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Sat, 14 Dec 2019 07:26:05 +0000 (07:26 +0000)
commit fd2dccaabb2e28cf875d7d81c7faf90f7941f56b
tree 4479592c806671b0af854f8e245495c38bd8d1ac
parent a59cf47b9e3dc8fe1f7a086b0e97ce6102d1f017
Core Update 139: fix syntax of generated Suricata DNS server file

The YAML syntax of /var/ipfire/suricata/suricata-dns-servers.yaml was
invalid and caused Suricata to crash after upgrading to Core Update 139.

Due to strange NFQUEUE behaviour, this caused IPsec traffic to be
emitted to the internet directly. While this patch represents a quick
solution for Core Update 139, another one is needed for changing the
IPtables chain order to avoid similar information leaks in future.

Thanks to Michael for his debugging effort.

Fixes #12260
Partially fixes #12257

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
config/cfgroot/ids-functions.pl