
0000736: Inter-Zone FW doesn't allow Network -> IP - MantisBT Endian Bugtracker
Endian Issue Tracker





ID: 0000736
Project: Endian Firewall
Category: Firewall (iptables)
View Status: public
Date Submitted: 2008-04-28 16:57
Last Update: 2009-10-27 12:03
Reporter: karacho
Assigned To: ra-endian
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.2-beta4
Target Version: 2.2-rc1
Fixed in Version: 2.2-rc1
Summary: 0000736: Inter-Zone FW doesn't allow Network -> IP
Description: The zone firewall doesn't create a working rule, when I add a rule to allow traffic from BLUE to a specific IP (webserver in GREEN).

Output of setzonefw.py:
...
2008-04-28 18:42:08,109 - endian.logger - DEBUG - Create rule nr 6: iptables -t mangle -A ZONEFW -s 0/0 -d 192.168.1.4 -p tcp --dport 80 -i br2 -j ACCEPT iptables -A ZONEFW -s 0/0 -d 192.168.1.4 -p tcp --dport 80 -i br2 -j ALLOW
...

Output of iptables -v -L ZONEFW:
Chain ZONEFW (4 references)
 pkts bytes target prot opt in out source destination
    0 0 ALLOW all -- br0 br0 anywhere anywhere
    0 0 ALLOW all -- br0 br2 anywhere anywhere
    0 0 ALLOW all -- br0 br1 anywhere anywhere
    0 0 ALLOW all -- br2 br2 anywhere anywhere
    0 0 ALLOW all -- br1 br1 anywhere anywhere
    0 0 ALLOW tcp -- br0 any anywhere 192.168.1.4 tcp dpt:http

The problem seems to be target "any" in the last line.
Adding -o br0 to the above iptables lines fixes the problem, but I don't know if it's OK to do that.

best regards,
jannik
Tags: No tags attached.
Attached Files:
conntrack-tools-0.9.5-2.endian3.i586.rpm (73,046 bytes) 2008-05-05 16:55
efw-firewall-2.2.67-0.endian14.noarch.rpm (84,440 bytes) 2008-05-05 16:57

-  Notes
(0001119)
ra-endian (administrator)
2008-05-05 16:58

Please install the attached rpm files, which should fix the problem.

Thanks for the report.

- Issue History
Date Modified Username Field Change
2008-04-28 16:57 karacho New Issue
2008-04-28 16:57 karacho Status new => assigned
2008-04-28 16:57 karacho Assigned To => peter-endian
2008-04-30 15:58 ra-endian Target Version => 2.2-rc1
2008-05-05 16:41 ra-endian Assigned To peter-endian => ra-endian
2008-05-05 16:41 ra-endian Status assigned => confirmed
2008-05-05 16:55 ra-endian File Added: conntrack-tools-0.9.5-2.endian3.i586.rpm
2008-05-05 16:57 ra-endian File Added: efw-firewall-2.2.67-0.endian14.noarch.rpm
2008-05-05 16:58 ra-endian Status confirmed => resolved
2008-05-05 16:58 ra-endian Fixed in Version => 2.2-rc1
2008-05-05 16:58 ra-endian Resolution open => fixed
2008-05-05 16:58 ra-endian Note Added: 0001119
2009-10-27 12:03 peter-endian Status resolved => closed

Copyright © 2005-2008 Endian, SRL. All rights reserved.

