ID | Project | Category | View Status | Date Submitted | Last Update
0001271 | ClearOS | app-incoming-firewall - Incoming Firewall | public | 2013-08-04 07:44 | 2019-05-20 10:12
Reporter | NickH
Assigned To |
Priority | normal | Severity | minor | Reproducibility | always
Status | closed | Resolution | won't fix
Platform | OS | OS Version |
Product Version | 6.4.0
Target Version | Fixed in Version |
Summary | 0001271: Creating an incoming rule in the webconfig also creates an OUTPUT rule in iptables
Description | Creating an incoming rule in the webconfig also creates a mirror OUTPUT rule in iptables. I have no EGRESS rules in the webconfig, and incoming rules for IPSEC, HTTPS, UDP:4500 (IPSec NAT), NTP and OpenVPN, and these are my (reduced) INPUT and OUTPUT rules:

Chain INPUT (policy DROP 227 packets, 31600 bytes)
 pkts bytes target prot opt in   out  source      destination
   43 14417 ACCEPT udp  --  eth0 *    0.0.0.0/0   0.0.0.0/0    udp spt:67 dpt:68
    0     0 ACCEPT tcp  --  eth0 *    0.0.0.0/0   0.0.0.0/0    tcp spt:67 dpt:68
  100  7842 ACCEPT tcp  --  *    *    0.0.0.0/0   82.19.x.y    tcp dpt:443
    0     0 ACCEPT udp  --  *    *    0.0.0.0/0   82.19.x.y    udp dpt:4500
 1471  112K ACCEPT udp  --  *    *    0.0.0.0/0   82.19.x.y    udp dpt:123
 206K  128M ACCEPT udp  --  *    *    0.0.0.0/0   82.19.x.y    udp dpt:1194
    0     0 ACCEPT udp  --  *    *    0.0.0.0/0   82.19.x.y    udp spt:500 dpt:500
11105 4155K ACCEPT esp  --  *    *    0.0.0.0/0   82.19.x.y
    0     0 ACCEPT ah   --  *    *    0.0.0.0/0   82.19.x.y

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source      destination
    2   656 ACCEPT udp  --  *    eth0 0.0.0.0/0   0.0.0.0/0    udp spt:68 dpt:67
    0     0 ACCEPT tcp  --  *    eth0 0.0.0.0/0   0.0.0.0/0    tcp spt:68 dpt:67
   71 16215 ACCEPT tcp  --  *    eth0 82.19.x.y   0.0.0.0/0    tcp spt:443
    0     0 ACCEPT udp  --  *    eth0 82.19.x.y   0.0.0.0/0    udp spt:4500
 1471  112K ACCEPT udp  --  *    eth0 82.19.x.y   0.0.0.0/0    udp spt:123
 148K   16M ACCEPT udp  --  *    eth0 82.19.x.y   0.0.0.0/0    udp spt:1194
62331 7593K ACCEPT udp  --  *    eth0 82.19.x.y   0.0.0.0/0    udp spt:500 dpt:500
 9970 1985K ACCEPT esp  --  *    eth0 82.19.x.y   0.0.0.0/0
    0     0 ACCEPT ah   --  *    eth0 82.19.x.y   0.0.0.0/0

I do not see why the OUTPUT rules are there.
Steps To Reproduce | Create an Incoming rule in the webconfig.
Notes
(0012031) NickH (developer) 2019-05-20 10:12
Probably needed when the default firewall policies are changed to DROP
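
An added example, not part of the original report and not ClearOS code: a Python check that parses a listing in the pkts/bytes layout shown above (as printed by `iptables -L -n -v`) and separates OUTPUT rules that are exact mirrors of an INPUT rule (source/destination and spt/dpt swapped) from OUTPUT rules that are not. The sample listing is constructed from the report's rules plus one hypothetical non-mirror rule (tcp dpt:25); the function names are illustrative.

```python
import re

# Constructed sample modelled on the report's listing; the last OUTPUT rule
# (tcp dpt:25) is hypothetical, added to show a non-mirrored rule.
SAMPLE = """\
Chain INPUT (policy DROP 227 packets, 31600 bytes)
 pkts bytes target prot opt in out source destination
  100  7842 ACCEPT tcp -- * * 0.0.0.0/0 82.19.x.y tcp dpt:443
 1471  112K ACCEPT udp -- * * 0.0.0.0/0 82.19.x.y udp dpt:123
    0     0 ACCEPT udp -- * * 0.0.0.0/0 82.19.x.y udp spt:500 dpt:500
11105 4155K ACCEPT esp -- * * 0.0.0.0/0 82.19.x.y
   43 14417 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   71 16215 ACCEPT tcp -- * eth0 82.19.x.y 0.0.0.0/0 tcp spt:443
 1471  112K ACCEPT udp -- * eth0 82.19.x.y 0.0.0.0/0 udp spt:123
62331 7593K ACCEPT udp -- * eth0 82.19.x.y 0.0.0.0/0 udp spt:500 dpt:500
 9970 1985K ACCEPT esp -- * eth0 82.19.x.y 0.0.0.0/0
    2   656 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
    5   300 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
"""

def parse(listing):
    """Return {chain: [(target, prot, src, dst, spt, dpt), ...]}; interfaces are ignored."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "Chain":
            current = chains.setdefault(f[1], [])
        elif f[0] != "pkts" and current is not None and len(f) >= 9:
            ports = dict(re.findall(r"\b(spt|dpt):(\S+)", " ".join(f[9:])))
            current.append((f[2], f[3], f[7], f[8], ports.get("spt"), ports.get("dpt")))
    return chains

def mirror(rule):
    """Reply-direction twin of a rule: addresses and ports swapped."""
    target, prot, src, dst, spt, dpt = rule
    return (target, prot, dst, src, dpt, spt)

def audit(listing):
    """Split OUTPUT rules into mirrors of INPUT rules and everything else."""
    chains = parse(listing)
    expected = {mirror(r) for r in chains.get("INPUT", [])}
    out = chains.get("OUTPUT", [])
    return [r for r in out if r in expected], [r for r in out if r not in expected]

if __name__ == "__main__":
    mirrored, standalone = audit(SAMPLE)
    print(f"{len(mirrored)} mirrored OUTPUT rules")
    for rule in standalone:
        print("not a mirror of any INPUT rule:", rule)
```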