| Anonymous | Login | 2024-04-18 12:09 EDT |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |||
| 0001387 | PacketFence | inline | public | 2012-02-29 11:08 | 2012-04-18 10:00 | |||
| Reporter | obilodeau | |||||||
| Assigned To | obilodeau | |||||||
| Priority | normal | Severity | feature | Reproducibility | N/A | |||
| Status | closed | Resolution | fixed | |||||
| Platform | OS | OS Version | ||||||
| Product Version | 3.0.0 | |||||||
| Target Version | 3.3.0 | Fixed in Version | 3.3.0 | |||||
| Summary | 0001387: iptables forward filter customization | |||||||
| Description | currently the forward filter is generated in one block: ### FORWARD ### :FORWARD DROP [0:0] :forward-internal-inline-if - [0:0] %%filter_forward_inline%% which renders like: ### FORWARD ### :FORWARD DROP [0:0] :forward-internal-inline-if - [0:0] -A forward-internal-inline-if --protocol udp --destination 4.2.2.1 --destination-port 53 --jump ACCEPT -A forward-internal-inline-if --match mark --mark 0x1 --jump ACCEPT This prevent customization like the following (unless you insert and hardcode rules Id which is not future proof): - deny access to LAN which need to be introduced after allowing DNS but before allowing all marked users through.. | |||||||
| Tags | No tags attached. | |||||||
| fixed in git revision | ||||||||
| fixed in mtn revision | ||||||||
| Attached Files | ||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0002595) obilodeau (reporter) 2012-02-29 11:10 |
Thinking about this I originally thought splitting the forward filter in two groups: DNS allow and users allow so that one can insert custom rules in between but when I realized we are getting rid of the DNS statements (see 0001374) and we are planning to do so in the next cycle, then I think we should simply wait and do nothing as it will be fixed by itself. |
|
(0002659) obilodeau (reporter) 2012-04-18 09:59 |
fix released in 3.3.0 last friday |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2012-02-29 11:08 | obilodeau | New Issue | |
| 2012-02-29 11:08 | obilodeau | Status | new => assigned |
| 2012-02-29 11:08 | obilodeau | Assigned To | => obilodeau |
| 2012-02-29 11:10 | obilodeau | Note Added: 0002595 | |
| 2012-02-29 11:10 | obilodeau | Relationship added | related to 0001374 |
| 2012-04-12 13:12 | dwuelfrath | Status | assigned => resolved |
| 2012-04-12 13:12 | dwuelfrath | Resolution | open => fixed |
| 2012-04-12 13:12 | dwuelfrath | Fixed in Version | => trunk |
| 2012-04-18 09:49 | obilodeau | Target Version | +1 => 3.3.0 |
| 2012-04-18 09:50 | obilodeau | Fixed in Version | trunk => 3.3.0 |
| 2012-04-18 09:59 | obilodeau | Note Added: 0002659 | |
| 2012-04-18 10:00 | obilodeau | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |