SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2019-11-22 05:16 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0002720 | Endian Firewall | Firewall (iptables) | public | 2010-02-24 14:01 | 2010-11-22 12:09 | ||||
| Reporter | ra-endian | ||||||||
| Assigned To | peter-endian | ||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | |||||||||
| Target Version | 2.3.1 | Fixed in Version | 2.3.1 | ||||||
| Summary | 0002720: creating portforward rules with no destination port, allow access *from internal zones* to all ports on the destination machine | ||||||||
| Description | if you create a portforward rule with no destination port, you can access all ports from the destination machine (from LAN) currently: iptables -t nat -A PORTFW -d 192.168.15.41 -j DNAT -p tcp --dport 5190:5194 --to-destination 10.1.1.1 iptables -t filter -A PORTFWACCESS -d 10.1.1.1 -p tcp -j ALLOW should be: iptables -t nat -A PORTFW -d 192.168.15.41 -j DNAT -p tcp --dport 5190:5194 --to-destination 10.1.1.1 iptables -t filter -A PORTFWACCESS -d 10.1.1.1 --dport 5190:5194 -p tcp -j ALLOW | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files |  portfw_2.png [^] (47,320 bytes) 2010-02-24 14:01
Bildschirmfoto 2010-02-25 um 10.50.07.png [^] (16,516 bytes) 2010-02-25 09:50
 efw-firewall-2.3.65-0.endian21.noarch.rpm [^] (372,879 bytes) 2010-02-25 11:05 | ||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0003853) aender (reporter) 2010-02-25 09:49 |
Is this fixed with the efw-firewall package from yesterday? If not, please give as asap a new update via endian-network because this bug makes a big hole in to firewall! We have many rules with no dport! |
|
(0003854) aender (reporter) 2010-02-25 09:51 |
See attached. |
|
(0003858) peter-endian (administrator) 2010-02-25 10:42 |
no, it hasn't. single unnotified releases right now are only about migration stuff in order to bring that stable. this fix will be released with the next scheduled updates (in order to pass QA) as long as there's no other migration related stuff to release for this package. |
|
(0003859) aender (reporter) 2010-02-25 10:46 |
Sorry for reopening. But is my up-do-date system and all other affected by this bug or not? If yes, this would leave a big hole in all current installed 2.3 systems... |
|
(0003861) peter-endian (administrator) 2010-02-25 10:57 |
this bug does not open the target host for everyone, as the description may let think. It's open only for intern, since you can't reach the internal ip from extern. So ok,. it's not nice, but also not that bad that it could be :) We will release the update as soon as possible. |
|
(0003863) peter-endian (administrator) 2010-02-25 11:07 |
i attached the rpm which contains the fix. if you want you can try it until we have the update release ready. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-02-24 14:01 | ra-endian | New Issue | |
| 2010-02-24 14:01 | ra-endian | File Added: portfw_2.png | |
| 2010-02-24 14:19 | peter-endian | Assigned To | => peter-endian |
| 2010-02-24 14:19 | peter-endian | Status | new => confirmed |
| 2010-02-24 14:19 | peter-endian | Target Version | => 2.3.1 |
| 2010-02-24 18:19 | peter-endian | View Status | private => public |
| 2010-02-24 19:11 | peter-endian | Status | confirmed => resolved |
| 2010-02-24 19:11 | peter-endian | Fixed in Version | => 2.3.1 |
| 2010-02-24 19:11 | peter-endian | Resolution | open => fixed |
| 2010-02-25 09:49 | aender | Note Added: 0003853 | |
| 2010-02-25 09:49 | aender | Status | resolved => feedback |
| 2010-02-25 09:49 | aender | Resolution | fixed => reopened |
| 2010-02-25 09:50 | aender | File Added: Bildschirmfoto 2010-02-25 um 10.50.07.png | |
| 2010-02-25 09:51 | aender | Note Added: 0003854 | |
| 2010-02-25 10:42 | peter-endian | Note Added: 0003858 | |
| 2010-02-25 10:42 | peter-endian | Status | feedback => resolved |
| 2010-02-25 10:42 | peter-endian | Resolution | reopened => fixed |
| 2010-02-25 10:46 | aender | Note Added: 0003859 | |
| 2010-02-25 10:46 | aender | Status | resolved => feedback |
| 2010-02-25 10:46 | aender | Resolution | fixed => reopened |
| 2010-02-25 10:57 | peter-endian | Note Added: 0003861 | |
| 2010-02-25 11:05 | peter-endian | File Added: efw-firewall-2.3.65-0.endian21.noarch.rpm | |
| 2010-02-25 11:07 | peter-endian | Note Added: 0003863 | |
| 2010-02-25 11:08 | peter-endian | Summary | creating portforward rules with no destination port, allow access to all ports on the destination machine => creating portforward rules with no destination port, allow access *from internal zones* to all ports on the destination machine |
| 2010-03-03 15:16 | ra-endian | Status | feedback => resolved |
| 2010-03-03 15:16 | ra-endian | Resolution | reopened => fixed |
| 2010-11-22 12:09 | peter-endian | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |