[pve-devel] PVE-Firewall stops all traffic - 2 times on 2 different hosts - WORKAROUND

Detlef Bracker bracker at 1awww.com
Thu May 7 12:01:28 CEST 2015


Dear all,

we have not analyzed why the pve-firewall stopped all the traffic, with
nothing going on, and brought everything down.
We had a one-week stop of one host, because behind this, the operating center
said this is a hacking host! But there was nothing, only not-normal
traffic going via wrong interfaces with MAC! Here is a small script for
everywhere, to control the firewall and shut the firewall off when the
firewall blocks the host completely. This is better, because then you can
log in to the host and control the host, instead of having to reboot the
host completely. Remember a cold reboot can take hours and can create problems
in disk arrays and so on!

Create a script in /root/scripte with the name "firewall_control.sh" with this:

#!/bin/bash
#
# IMPORTANT: check that you have installed sendEmail, or install it with
# apt-get install sendemail !!!
#
#
# When your firewall was open and you have resolved the problem, stop the
# warnings via logrotate:
#
# /usr/sbin/logrotate --force /etc/logrotate.conf
#
# (c) under GPL by Detlef Bracker, 1awww.com - 07.05.2015

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# count the "host unreachable" errors in the last 1000 lines of syslog
tail -n 1000 /var/log/syslog | grep "error (host unreachable)" | wc -l > /var/log/firewall_defunc.cnt
COUNTER=$(cat /var/log/firewall_defunc.cnt)
if (( $COUNTER > 6 )); then
   pve-firewall stop
   # mail the counter file to the administrator (absolute path: cron does not run in /var/log)
   cat /var/log/firewall_defunc.cnt | sendEmail -f root@YOURHOSTNAME -t YOURMAILADDRESS -u "URGENT - YOURHOSTNAME FIREWALL STOPPED."
fi

----

In the last line change YOURHOSTNAME / YOURMAILADDRESS.
Then make the script executable with chmod 700
/root/scripte/firewall_control.sh
And create a cronjob:

*/1 * * * * /root/scripte/firewall_control.sh

Check that you now find in syslog that the script runs every minute!

The script now checks every minute whether the host has errors creating
connections to the outside! When it is so,
then you have a big big problem, but now the script helps you!

When it is so, it counts the last 1000 lines of your syslog and when
the counter is greater than 6, it
stops the pve-firewall and informs you as administrator that the host has
disabled the firewall and you must
check urgently why!


-- 



Kind regards
1awww.com - Internet-Service-Provider

Detlef Bracker
Velilla, Calle Club s/n, E 18690 Almunecar, Tel.: +34.6 343 232 61 *
EU-VAT-ID: ESX4516542D

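As an added example, not code from the original post or from Proxmox, here is the same check restructured so the decision logic can be run against any log file and so the cron job sends one alert per incident instead of one every minute until logrotate clears syslog; the pattern and threshold are the post's, while the stamp-file path and the FIREWALL_CONTROL_LIVE switch are assumptions.

```shell
# Added example (not the post's or Proxmox's code): the posted check split into
# functions that can be exercised against any log file, plus a stamp file so
# the cron job alerts once per incident rather than every minute until
# logrotate clears syslog. Pattern and threshold are from the post; the stamp
# path and the FIREWALL_CONTROL_LIVE switch are assumptions for this example.

PATTERN="error (host unreachable)"
THRESHOLD=6
WINDOW=1000    # inspect only the last N syslog lines, as in the post

# Count matching lines in the last $WINDOW lines of the log file $1.
# "|| true" stops grep's exit status 1 (no match) from aborting under set -e.
count_unreachable() {
    tail -n "$WINDOW" "$1" | grep -cF -- "$PATTERN" || true
}

# Decide on an action for log file $1 with stamp file $2 and print it:
#   "stop-firewall count=N"   threshold exceeded, no alert sent yet
#   "already-stopped count=N" threshold still exceeded, alert already sent
#   "ok count=N"              below threshold; stamp cleared so the next
#                             incident alerts again
decide() {
    n=$(count_unreachable "$1")
    if [ "$n" -gt "$THRESHOLD" ]; then
        if [ -e "$2" ]; then
            echo "already-stopped count=$n"
        else
            : > "$2"
            echo "stop-firewall count=$n"
        fi
    else
        rm -f "$2"
        echo "ok count=$n"
    fi
}

# Live run, e.g. from cron: FIREWALL_CONTROL_LIVE=1 /root/scripte/firewall_control.sh
# The guard keeps the functions inert when the file is sourced for testing.
if [ "${FIREWALL_CONTROL_LIVE:-0}" = 1 ]; then
    action=$(decide /var/log/syslog /run/firewall_control.stamp)
    case $action in
        stop-firewall*)
            pve-firewall stop
            logger -t firewall_control "pve-firewall stopped: $action"
            echo "$action" | sendEmail -f root@YOURHOSTNAME -t YOURMAILADDRESS \
                -u "URGENT - YOURHOSTNAME FIREWALL STOPPED." ;;
    esac
fi
```

Because the stamp is removed as soon as the count drops below the threshold, a later incident alerts again without the manual logrotate step.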
