mushorg/glutton

Strange issues WRT drop / passthrough rules

t3chn0m4g3 opened this issue · 2 comments

The default ruleset has a udp drop rule. This drop rule prevents DNS resolution for the host. Setting the rule to:

  - match: udp dst port 53
    type: passthrough

... results in the following log messages (generated by ping www.google.de):

glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [contable] registering 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [contable] registering 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:55206->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.120:50847->53
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->55206
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:28 DEBUG [freki   ] new UDP connection 172.20.254.1:53->50847
glutton    | 2018/04/17 09:43:29 DEBUG [freki   ] new UDP connection 172.20.254.165:10102->10102
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] new UDP connection 172.20.254.120:40430->53
glutton    | 2018/04/17 09:43:33 DEBUG [contable] registering 172.20.254.120:40430->53
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] new UDP connection 172.20.254.120:60879->53
glutton    | 2018/04/17 09:43:33 DEBUG [contable] registering 172.20.254.120:60879->53
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] new UDP connection 172.20.254.1:53->40430
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] new UDP connection 172.20.254.1:53->60879
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] new UDP connection 172.20.254.120:33999->53
glutton    | 2018/04/17 09:43:33 DEBUG [contable] registering 172.20.254.120:33999->53
glutton    | 2018/04/17 09:43:33 DEBUG [freki   ] DecodeLayers: No decoder for layer type DNS [Ethernet IPv4 UDP]

The only workaround that seems to work is to remove the udp drop rule; however, this does not seem to be the best way to do it. Setting up specific iptables rules allowing / accepting DNS traffic in OUTPUT / PREROUTING also fails.

It seems that freki is somehow involved as the culprit.

I found a way around it by putting the passthrough rules on top and a match all / drop rule on bottom.

# Put passthrough rules on top, drop rules on bottom, rules are applied in order (top down)
rules:
  - match: udp dst port 53
    type: passthrough
  - match: tcp dst port 21
    type: conn_handler
    target: ftp
  - match: tcp dst port 23 or port 2323 or port 23231
    type: conn_handler
    target: telnet
  - match: tcp dst port 25
    type: conn_handler
    target: smtp
  - match: tcp dst port 445
    type: conn_handler
    target: smb
  - match: tcp dst port 3389
    type: conn_handler
    target: rdp
  - match: tcp dst port 5060
    type: conn_handler
    target: sip
  - match: tcp
    type: conn_handler
    target: default
  - match:
    type: drop

@glaslos: I am leaving this open in case you want to look into it, however my primary goal is met. Feel free to close it though 😃

You are using the rule specification correctly now 👍
https://github.com/kung-foo/freki#rules-specification
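
The top-down, first-match evaluation described in the workaround above, as an added Go sketch that is not glutton's or freki's code. `FirstMatch` and `Shadowed` are hypothetical helpers, the matcher handles only the plain `<proto> dst port <n>` forms (real rules are BPF expressions), and the `before` ordering is constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Rule mirrors one match/type entry of the rules file quoted in the thread.
type Rule struct{ Match, Type string }

// Packet is a minimal stand-in for a decoded packet (constructed for this example).
type Packet struct{ Proto string; DstPort int }

// parse understands only "", "<proto>" and "<proto> dst port <n>"; real rules
// are BPF expressions, so this is a deliberately small subset. -1 means any port.
func parse(expr string) (proto string, port int) {
	f := strings.Fields(expr)
	port = -1
	if len(f) > 0 {
		proto = f[0]
	}
	if len(f) == 4 && f[1] == "dst" && f[2] == "port" {
		if n, err := strconv.Atoi(f[3]); err == nil {
			port = n
		}
	}
	return proto, port
}

// FirstMatch evaluates rules top-down and returns the index of the first hit, or -1.
func FirstMatch(rules []Rule, p Packet) int {
	for i, r := range rules {
		proto, port := parse(r.Match)
		if (proto == "" || proto == p.Proto) && (port == -1 || port == p.DstPort) {
			return i
		}
	}
	return -1
}

// Shadowed returns the indexes of rules whose own representative packet is
// claimed by an earlier rule, so the later rule never decides that traffic.
func Shadowed(rules []Rule) []int {
	var out []int
	for i, r := range rules {
		proto, port := parse(r.Match)
		if proto == "" {
			proto = "other" // catch-all probe: a protocol no specific rule names (assumption)
		}
		if port == -1 {
			port = 0 // protocol-wide probe: a port no specific rule names (assumption)
		}
		if FirstMatch(rules, Packet{proto, port}) != i {
			out = append(out, i)
		}
	}
	return out
}

func main() {
	// Constructed ordering: a broad udp drop placed above the DNS passthrough.
	before := []Rule{{"udp", "drop"}, {"udp dst port 53", "passthrough"}, {"tcp", "conn_handler"}}
	// Ordering from the thread (abridged): passthrough first, catch-all drop last.
	after := []Rule{{"udp dst port 53", "passthrough"}, {"tcp dst port 21", "conn_handler"}, {"tcp", "conn_handler"}, {"", "drop"}}
	for _, rs := range [][]Rule{before, after} {
		fmt.Println(rs[FirstMatch(rs, Packet{"udp", 53})].Type, Shadowed(rs)) // drop [1], then passthrough []
	}
}
```

Running a check like `Shadowed` over a ruleset before deploying a honeypot catches a passthrough or handler rule that a broader rule above it has silently disabled.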