Bugfix/sentinel dynfw bypass fix
- Jul 24, 2020
Verified 07187ebe
We use marking to be able to identify traffic for minipots and other probes and let it bypass the firewall. The marking is done by checking destination ports - e.g. 22, 23 etc. When marked in the mangle INPUT chain, the destination ports were already REDIRECTed to the corresponding internal ports, e.g. 2525, 2333 etc., and thus no marking was done at all. Marking in the mangle PREROUTING chain is done before REDIRECT and thus the correct destination ports are matched.
Verified 43d9f0c8
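The hook ordering described in the commit message above, as an added Python model (not code from this merge request or the project): it walks one inbound packet through mangle PREROUTING, nat PREROUTING (REDIRECT), mangle INPUT and filter INPUT, with the mark rule placed in either mangle chain. The port pairing, the mark value and the "drop unless marked" filter rule are assumptions made for the illustration.

```python
# Simplified model of the netfilter path for a locally delivered packet:
# mangle PREROUTING -> nat PREROUTING (REDIRECT) -> mangle INPUT -> filter INPUT

REDIRECTS = {23: 2333, 25: 2525}  # assumed pairing: public port -> internal minipot port
MARK_PORTS = set(REDIRECTS)       # public ports whose traffic should bypass the firewall
BYPASS_MARK = 0x10                # constructed mark value


def mark_rule(pkt):
    """mangle rule: set the bypass mark when the destination port is a probe port."""
    if pkt["dport"] in MARK_PORTS:
        pkt["mark"] = BYPASS_MARK


def nat_redirect(pkt):
    """nat PREROUTING: REDIRECT rewrites the destination port to the internal one."""
    pkt["dport"] = REDIRECTS.get(pkt["dport"], pkt["dport"])


def filter_input(pkt):
    """filter INPUT for a source the dynamic firewall blocks: only marked traffic passes."""
    return "ACCEPT" if pkt["mark"] == BYPASS_MARK else "DROP"


def traverse(dport, mark_chain):
    """Return (verdict, final dport) with the mark rule in mangle `mark_chain`."""
    pkt = {"dport": dport, "mark": 0}
    if mark_chain == "PREROUTING":
        mark_rule(pkt)   # sees the original port, e.g. 23
    nat_redirect(pkt)
    if mark_chain == "INPUT":
        mark_rule(pkt)   # sees the rewritten port, e.g. 2333, so never matches
    return filter_input(pkt), pkt["dport"]


if __name__ == "__main__":
    for chain in ("INPUT", "PREROUTING"):
        for dport in (23, 25, 8080):
            print(f"mark in mangle {chain:<10} dport {dport:<5} -> {traverse(dport, chain)}")
```
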