| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0022841 | ClearOS | app-network - Network Settings | public | 2019-02-18 09:45 | 2019-02-23 19:58 |
|
| Reporter | NickH | |
| Assigned To | dloper | |
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | closed | Resolution | suspended | |
| Platform | | OS | | OS Version | |
| Product Version | 7.5.0 Updates | |
| Target Version | 8.0.0 Beta 1 | Fixed in Version | | |
|
| Summary | 0022841: Change firewall to isolate all LAN's/VLAN's from each other |
| Description | Currently all interfaces designated as LAN can talk to any other LAN or HotLAN subnet. In some ways this is a strange behaviour as VLAN's are often used to segregate traffic and provide privacy on each LAN.
We can:
1 - Change the default firewall so that LAN interfaces can no longer talk to each other. This should include HotLANs, as again, the default behaviour is to allow any LAN to talk to a HotLAN but not vice-versa.
2 - Add an webconfig screen to allow interfaces to talk to each other. It only needs to be one-way as the default RELATED,ESTABLISHED rule would allow traffic back. This would avoid having to create Custom Firewall rules.
3 - Optionally allow the rule to to be bidirectional so if LAN-A can talk to LAN-B, then LAN-B can talk to LAN-A. This is the same as selecting two allows from 2) above.
|
| Tags | No tags attached. |
|
| Attached Files | |
|
Relationships 
Relationships