0000736: Inter-Zone FW doesn't allow Network -> IP - MantisBT
MantisBT - Endian Firewall
View Issue Details
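ID: 0000736
Project: Endian Firewall
Category: Firewall (iptables)
View Status: public
Date Submitted: 2008-04-28 16:57
Last Update: 2009-10-27 12:03
Reporter: karacho
Assigned To: ra-endian
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.2-beta4
Target Version: 2.2-rc1
Fixed in Version: 2.2-rc1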
0000736: Inter-Zone FW doesn't allow Network -> IP
The zone firewall doesn't create a working rule when I add a rule to allow traffic from BLUE to a specific IP (webserver in GREEN).

Output of setzonefw.py:
...
2008-04-28 18:42:08,109 - endian.logger - DEBUG - Create rule nr 6: iptables -t mangle -A ZONEFW -s 0/0 -d 192.168.1.4 -p tcp --dport 80 -i br2 -j ACCEPT iptables -A ZONEFW -s 0/0 -d 192.168.1.4 -p tcp --dport 80 -i br2 -j ALLOW
...

Output of iptables -v -L ZONEFW:
Chain ZONEFW (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ALLOW      all  --  br0    br0     anywhere             anywhere
    0     0 ALLOW      all  --  br0    br2     anywhere             anywhere
    0     0 ALLOW      all  --  br0    br1     anywhere             anywhere
    0     0 ALLOW      all  --  br2    br2     anywhere             anywhere
    0     0 ALLOW      all  --  br1    br1     anywhere             anywhere
    0     0 ALLOW      tcp  --  br0    any     anywhere             192.168.1.4         tcp dpt:http

The problem seems to be target "any" in the last line.
Adding -o br0 to the above iptables lines fixes the problem, but I don't know if it's ok to do that.

best regards,
jannik
No tags attached.
conntrack-tools-0.9.5-2.endian3.i586.rpm (73,046) 2008-05-05 16:55
    https://bugs.endian.com/file_download.php?file_id=128&type=bug
efw-firewall-2.2.67-0.endian14.noarch.rpm (84,440) 2008-05-05 16:57
    https://bugs.endian.com/file_download.php?file_id=129&type=bug
Issue History
2008-04-28 16:57  karacho       New Issue
2008-04-28 16:57  karacho       Status: new => assigned
2008-04-28 16:57  karacho       Assigned To: => peter-endian
2008-04-30 15:58  ra-endian     Target Version: => 2.2-rc1
2008-05-05 16:41  ra-endian     Assigned To: peter-endian => ra-endian
2008-05-05 16:41  ra-endian     Status: assigned => confirmed
2008-05-05 16:55  ra-endian     File Added: conntrack-tools-0.9.5-2.endian3.i586.rpm
2008-05-05 16:57  ra-endian     File Added: efw-firewall-2.2.67-0.endian14.noarch.rpm
2008-05-05 16:58  ra-endian     Status: confirmed => resolved
2008-05-05 16:58  ra-endian     Fixed in Version: => 2.2-rc1
2008-05-05 16:58  ra-endian     Resolution: open => fixed
2008-05-05 16:58  ra-endian     Note Added: 0001119
2009-10-27 12:03  peter-endian  Status: resolved => closed

Notes
(0001119) ra-endian 2008-05-05 16:58
Please install the attached rpm files, which should fix the problem.

Thanks for the report.
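
An added example, not part of the original report or of Endian's code: a small Python check that parses `iptables -v -L ZONEFW` output and lists rules that name an incoming interface but no outgoing one, the condition visible in the last line of the reported listing. The sample listing is constructed from the report's output, and the function names are hypothetical.

```python
"""Audit an `iptables -v -L <chain>` listing for rules without an outgoing interface."""

# Constructed sample, modelled on the ZONEFW listing quoted in the report.
SAMPLE_LISTING = """\
Chain ZONEFW (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ALLOW      all  --  br0    br0     anywhere             anywhere
    0     0 ALLOW      all  --  br0    br2     anywhere             anywhere
    0     0 ALLOW      tcp  --  br0    any     anywhere             192.168.1.4         tcp dpt:http
"""

# iptables prints "any" for an unset interface, or "*" when -n is also given.
UNSET_IFACE = {"any", "*"}


def parse_chain_listing(text):
    """Return one dict per rule line of a verbose chain listing.

    Assumption: every rule has a target, so the nine fixed columns line up.
    """
    rules = []
    for line in text.splitlines():
        fields = line.split()
        # Rule lines start with the packet counter; skip "Chain ..." and the header.
        if len(fields) < 9 or not fields[0][0].isdigit():
            continue
        _pkts, _bytes, target, prot, _opt, in_if, out_if, src, dst = fields[:9]
        rules.append({
            "target": target, "prot": prot, "in": in_if, "out": out_if,
            "source": src, "destination": dst, "match": " ".join(fields[9:]),
        })
    return rules


def rules_without_out_iface(rules):
    """Rules that pin the incoming interface but leave the outgoing one unset."""
    return [r for r in rules
            if r["in"] not in UNSET_IFACE and r["out"] in UNSET_IFACE]


if __name__ == "__main__":
    for rule in rules_without_out_iface(parse_chain_listing(SAMPLE_LISTING)):
        print("no -o on rule: in={in} dst={destination} {match}".format(**rule))
```
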