ClearOS Bug Tracker


View Issue Details
ID: 0019731
Project: ClearOS
Category: app-firewall - Firewall
View Status: public
Date Submitted: 2018-04-03 09:47
Last Update: 2019-02-23 16:30
Reporter: user2
Assigned To: tracker
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: suspended
Platform:
OS:
OS Version:
Product Version: 7.4.0
Target Version: 7.6.0 Updates
Fixed in Version:
Summary: 0019731: Add a "no firewall" mode
Description: Even when a ClearOS system is configured in "standalone" or "trusted standalone" mode, there are still some important rules that are run, e.g.:

- Masquerading for VPN connections
- Hooks for the Intrusion Prevention app
- Hooks for the Attack Detector app
- and more

We need to create a mode in which all firewall rules are disabled, including those listed above. Why? Docker injects iptables rules and causes grief for any front-end that uses iptables under the hood (e.g. firewalld, Shorewall, ClearOS firewall, etc.). There are many, many articles on the Internet that describe the issue and provide messy workarounds. Fundamentally, any Docker-enabled host should just disable all firewall rules and let Docker do its iptables injections.

Best practice: firewalls, VPNs, IDS, etc. should run on a separate gateway in front of the ClearOS Docker host.
Tags: No tags attached.
Attached Files:

Relationships

Notes
(0009591)
dloper (administrator)
2019-02-23 16:30

Migrated to: https://gitlab.com/clearos/clearfoundation/app-firewall/issues/3

Issue History
Date Modified Username Field Change
2018-04-03 09:47 user2 New Issue
2018-04-03 09:47 user2 Assigned To => user2
2018-04-03 09:47 user2 Status new => confirmed
2018-04-11 10:27 user2 Target Version 7.4.0 Updates => 7.5.0 Updates
2018-04-11 10:43 user2 Target Version 7.5.0 Updates => 7.5.0
2018-04-30 19:50 user2 Target Version 7.5.0 => 7.6.0
2018-10-30 17:59 user2 Target Version 7.6.0 => 7.6.0 Updates
2018-12-14 12:10 user2 Status confirmed => assigned
2018-12-14 12:10 user2 Assigned To user2 => tracker
2019-02-23 16:30 dloper Note Added: 0009591
2019-02-23 16:30 dloper Status assigned => closed
2019-02-23 16:30 dloper Resolution open => suspended