nProbe Cento in Bridge mode : banned hosts are not blocked #560

Open
alevin67 opened this issue Jan 23, 2023 · 0 comments

Our nProbe Cento version is:
banned_allowed.zip

sudo cento-bridge --version
v.1.18.230113
Built OS:      Ubuntu 18.04.6 LTS
System Id:     L12030D0200000792--U12030D0288924EBB--OL
GIT rev:       1.18-stable:fd21960eff2b6e8a982905afff5d4cc93adba35b:20230113
License Hash:  80F15EBC2E2F46036A77877E04B05FCE1674571903FBB1CF23 [valid license]
License Type:  Time-limited License
Lic. Duration: Until Tue Jan 24 15:51:43 2023 [6 days left]

Right now we have the following issue with nProbe Cento:
Cento is standing as a bridge between two different physical interfaces (eth0 and eth1). It forwards the client's traffic to the internet with filtering capabilities.
In order to filter blocklisted websites (the website ID is defined as the HTTP Host or TLS SNI), we've configured the following:

# cat bridge.conf
[bridge]
default = forward
banned-hosts = discard

# cat banned.example
example.org
google.com
www.google.com

# cento execution:
sudo cento-bridge -i eth0,eth1 --bridge-conf bridge.conf --banned-hosts banned.example --dpi-level 2

However, we have had no success: the specified banned hosts are not blocked, which we can check by executing the following commands on the client side (that's a separate virtual machine):

curl -L example.org
curl -L google.com
curl -L www.google.com

We expect that HTTP(S) requests to the hosts specified in banned.example should be discarded (dropped), but this does not happen.

The pcap file is attached.
