eset_wap module create bugs in nftables


Recommended Posts

Hi all,

I have a problem with my nftables firewalls since I installed ESET on my Linux server.

I see strange behavior on the loopback interface. Internal connections go through the network card, not "lo".
These unusual connections are therefore blocked by the firewall.

Bad log with ESET WAP:

IN= OUT=wlp3s0 SRC=192.168.0.XXX DST=127.0.0.1 LEN=60 ...............

Good log without ESET_WAP:

IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 ...............

System:

  • Ubuntu 22LTS
  • Kernel 6.5.0-25-generic
  • ESET 10.2.2.0

Note: I have the problem with a Debian 12 server as well.


  • Administrators

Perhaps changing the priority of the output chain would help. If you use "filter" priority (alias for 0), change it to -102.

If that doesn't help, please raise a support ticket.


Posted (edited)

OK, I found the source of the problem.

Indeed, it is a problem with the nftables ruleset: ESET injects NAT rules with a higher priority (priority -101).

ESET's rules NAT all TCP connections to 127.0.0.1:37687, but these strange connections are forbidden by my rules.

I hoped this port would be static! => It is not!

I will add a specific rule to accept this (all interfaces, any IP to 127.0.0.1; it is not beautiful) in the output chain:

ip daddr 127.0.0.1 tcp dport 1024-65535 accept
Edited by ludo84
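Before loosening the output chain, it helps to confirm from the firewall log that the dropped packets really are the loopback-bound ones the thread describes. The following is an added example, not code from the thread or from ESET: it parses kernel netfilter log lines in the KEY=value shape quoted above (sample lines constructed here, including a made-up destination port) and flags packets addressed to 127.0.0.0/8 that leave through an interface other than "lo".

```python
import ipaddress
import re

# Constructed sample lines shaped like the netfilter "log" output quoted in
# the thread; addresses and ports are invented for this example.
SAMPLE_LOG = """\
IN= OUT=wlp3s0 SRC=192.168.0.42 DST=127.0.0.1 LEN=60 PROTO=TCP SPT=51234 DPT=37687
IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 PROTO=TCP SPT=51235 DPT=8080
IN=wlp3s0 OUT= SRC=192.168.0.7 DST=192.168.0.42 LEN=52 PROTO=TCP SPT=443 DPT=51236
"""

# Matches tokens like "OUT=wlp3s0" and also empty ones like "IN=".
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Turn 'KEY=value KEY= ...' into a dict; empty values become ''."""
    return dict(KV_RE.findall(line))


def is_loopback_leak(fields):
    """True when a packet addressed to 127/8 leaves via a non-lo interface.

    Lines with no parseable DST, or with no OUT interface (inbound packets),
    are never flagged.
    """
    try:
        dst = ipaddress.ip_address(fields.get("DST", ""))
    except ValueError:
        return False
    out_if = fields.get("OUT", "")
    return dst.is_loopback and out_if != "" and out_if != "lo"


def find_loopback_leaks(log_text):
    """Return the parsed fields of every log line showing the symptom."""
    parsed = (parse_log_line(l) for l in log_text.splitlines() if l.strip())
    return [f for f in parsed if is_loopback_leak(f)]


if __name__ == "__main__":
    for f in find_loopback_leaks(SAMPLE_LOG):
        print(f"loopback-bound packet via {f['OUT']}: "
              f"{f['SRC']} -> {f['DST']}:{f.get('DPT', '?')}")
```

Feeding the real log (for example the output of journalctl -k filtered on the log prefix) to find_loopback_leaks shows which destination ports the redirect actually uses, so the accept rule can be scoped more tightly than the full 1024-65535 range if the port turns out to vary only within a small set.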