0000736: Inter-Zone FW doesn't allow Network -> IP - MantisBT
ID: 0000736 | Project: Endian Firewall | Category: Firewall (iptables) | View Status: public | Date Submitted: 2008-04-28 16:57 | Last Update: 2009-10-27 12:03
The zone firewall doesn't create a working rule when I add a rule to allow traffic from BLUE to a specific IP (webserver in GREEN).

Output of
2008-04-28 18:42:08,109 - endian.logger - DEBUG - Create rule nr 6:
iptables -t mangle -A ZONEFW -s 0/0 -d -p tcp --dport 80 -i br2 -j ACCEPT
iptables -A ZONEFW -s 0/0 -d -p tcp --dport 80 -i br2 -j ALLOW

Output of iptables -v -L ZONEFW:
Chain ZONEFW (4 references)
 pkts bytes target prot opt in out source destination
    0 0 ALLOW all -- br0 br0 anywhere anywhere
    0 0 ALLOW all -- br0 br2 anywhere anywhere
    0 0 ALLOW all -- br0 br1 anywhere anywhere
    0 0 ALLOW all -- br2 br2 anywhere anywhere
    0 0 ALLOW all -- br1 br1 anywhere anywhere
    0 0 ALLOW tcp -- br0 any anywhere tcp dpt:http

The problem seems to be target "any" in the last line.
Adding -o br0 to the above iptables lines fixes the problem, but I don't know if it's OK to do that.

best regards,

Attached Files:
conntrack-tools-0.9.5-2.endian3.i586.rpm (73,046) 2008-05-05 16:55
efw-firewall-2.2.67-0.endian14.noarch.rpm (84,440) 2008-05-05 16:57

Issue History
Date Modified | Username | Field | Change
2008-04-28 16:57 | karacho | New Issue |
2008-04-28 16:57 | karacho | Status | new => assigned
2008-04-28 16:57 | karacho | Assigned To | => peter-endian
2008-04-30 15:58 | ra-endian | Target Version | => 2.2-rc1
2008-05-05 16:41 | ra-endian | Assigned To | peter-endian => ra-endian
2008-05-05 16:41 | ra-endian | Status | assigned => confirmed
2008-05-05 16:55 | ra-endian | File Added: conntrack-tools-0.9.5-2.endian3.i586.rpm |
2008-05-05 16:57 | ra-endian | File Added: efw-firewall-2.2.67-0.endian14.noarch.rpm |
2008-05-05 16:58 | ra-endian | Status | confirmed => resolved
2008-05-05 16:58 | ra-endian | Fixed in Version | => 2.2-rc1
2008-05-05 16:58 | ra-endian | Resolution | open => fixed
2008-05-05 16:58 | ra-endian | Note Added: 0001119 |
2009-10-27 12:03 | peter-endian | Status | resolved => closed

2008-05-05 16:58   
Please install the attached rpm files, which should fix the problem.

Thanks for the report.