hostnames with multiple address are not handled completely #1222
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Describe the Bug
firewall { '123 allow http*s to security.debian.org v4 ':
proto => 'tcp',
destination => 'security.debian.org',
dport => [80,443],
action => 'accept',
chain => 'OUTPUT',
}
configures only one IP address:
-A OUTPUT -d 151.101.130.132/32 -p tcp -m multiport --dports 80,443 -m comment --comment "123 allow http*s to security.debian.org v4 " -j ACCEPT
Expected Behavior
Configure all IPs for an hostname, thus:
-A OUTPUT -d 151.101.2.132/32 -p tcp -m multiport --dports 80,443 -m comment --comment "123 allow https to security.debian.org v4 " -j ACCEPT
-A OUTPUT -d 151.101.66.132/32 -p tcp -m multiport --dports 80,443 -m comment --comment "123 allow https to security.debian.org v4 " -j ACCEPT
-A OUTPUT -d 151.101.130.132/32 -p tcp -m multiport --dports 80,443 -m comment --comment "123 allow https to security.debian.org v4 " -j ACCEPT
-A OUTPUT -d 151.101.194.132/32 -p tcp -m multiport --dports 80,443 -m comment --comment "123 allow https to security.debian.org v4 " -j ACCEPT
Steps to Reproduce
firewall ressource above
Environment
Additional Context
Same is true for IPv6
The text was updated successfully, but these errors were encountered: