View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001387 | PacketFence | inline | public | 2012-02-29 11:08 | 2012-04-18 10:00 | |||
Reporter | obilodeau | |||||||
Assigned To | obilodeau | |||||||
Priority | normal | Severity | feature | Reproducibility | N/A | |||
Status | closed | Resolution | fixed | |||||
Platform | OS | OS Version | ||||||
Product Version | 3.0.0 | |||||||
Target Version | 3.3.0 | Fixed in Version | 3.3.0 | |||||
Summary | 0001387: iptables forward filter customization | |||||||
Description | Currently the forward filter is generated in one block:

    ### FORWARD ###
    :FORWARD DROP [0:0]
    :forward-internal-inline-if - [0:0]
    %%filter_forward_inline%%

which renders like:

    ### FORWARD ###
    :FORWARD DROP [0:0]
    :forward-internal-inline-if - [0:0]
    -A forward-internal-inline-if --protocol udp --destination 4.2.2.1 --destination-port 53 --jump ACCEPT
    -A forward-internal-inline-if --match mark --mark 0x1 --jump ACCEPT

This prevents customization like the following (unless you insert and hardcode rule IDs, which is not future proof):
- deny access to LAN, which needs to be introduced after allowing DNS but before allowing all marked users through. | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | ||||||||
Attached Files | ||||||||
Relationships | ||||||
Notes | |
(0002595) obilodeau (reporter) 2012-02-29 11:10 |
Thinking about this, I originally thought of splitting the forward filter into two groups, DNS allow and users allow, so that one can insert custom rules in between. But when I realized we are getting rid of the DNS statements (see 0001374) and we are planning to do so in the next cycle, I think we should simply wait and do nothing, as it will be fixed by itself. |
(0002659) obilodeau (reporter) 2012-04-18 09:59 |
Fix released in 3.3.0 last Friday |
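The ordering problem from the issue description, as an added example that is not part of the original issue or PacketFence's code: a minimal first-match evaluator over the two rendered rules plus a constructed LAN-deny rule. The 192.168.0.0/16 subnet, the sample packets, and the simplification that unmatched traffic falls through to the FORWARD DROP policy are assumptions.

```python
import ipaddress

# The two rules rendered in the issue, plus a constructed LAN-deny rule (assumed subnet).
DNS_ALLOW = "-A forward-internal-inline-if --protocol udp --destination 4.2.2.1 --destination-port 53 --jump ACCEPT"
MARK_ALLOW = "-A forward-internal-inline-if --match mark --mark 0x1 --jump ACCEPT"
LAN_DENY = "-A forward-internal-inline-if --destination 192.168.0.0/16 --jump DROP"

APPENDED = [DNS_ALLOW, MARK_ALLOW, LAN_DENY]  # custom rule added after the generated block
INTENDED = [DNS_ALLOW, LAN_DENY, MARK_ALLOW]  # order the issue asks for

def parse_rule(line):
    """Parse the subset of iptables-save syntax used above into a dict."""
    tokens = line.split()[2:]  # skip "-A <chain>"
    rule = {}
    for opt, value in zip(tokens[0::2], tokens[1::2]):
        if opt != "--match":  # module name carries no condition of its own
            rule[opt.lstrip("-")] = value
    return rule

def matches(rule, pkt):
    """True when every condition present in the rule holds for the packet."""
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "destination" in rule:
        net = ipaddress.ip_network(rule["destination"])
        if ipaddress.ip_address(pkt["dst"]) not in net:
            return False
    if "destination-port" in rule and int(rule["destination-port"]) != pkt["dport"]:
        return False
    if "mark" in rule and int(rule["mark"], 16) != pkt["mark"]:
        return False
    return True

def verdict(rules, pkt, policy="DROP"):
    """First matching rule decides; otherwise the FORWARD policy applies."""
    for line in rules:
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["jump"]
    return policy

# Constructed sample packets: mark 1 is a user let through by the mark rule.
REGISTERED_TO_LAN = {"protocol": "tcp", "dst": "192.168.1.10", "dport": 80, "mark": 1}
REGISTERED_TO_WAN = {"protocol": "tcp", "dst": "203.0.113.5", "dport": 443, "mark": 1}
UNREGISTERED_DNS = {"protocol": "udp", "dst": "4.2.2.1", "dport": 53, "mark": 0}

if __name__ == "__main__":
    for name, rules in (("appended", APPENDED), ("intended", INTENDED)):
        print(name, "registered user -> LAN:", verdict(rules, REGISTERED_TO_LAN))
```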
Issue History | |||
Date Modified | Username | Field | Change |
2012-02-29 11:08 | obilodeau | New Issue | |
2012-02-29 11:08 | obilodeau | Status | new => assigned |
2012-02-29 11:08 | obilodeau | Assigned To | => obilodeau |
2012-02-29 11:10 | obilodeau | Note Added: 0002595 | |
2012-02-29 11:10 | obilodeau | Relationship added | related to 0001374 |
2012-04-12 13:12 | dwuelfrath | Status | assigned => resolved |
2012-04-12 13:12 | dwuelfrath | Resolution | open => fixed |
2012-04-12 13:12 | dwuelfrath | Fixed in Version | => trunk |
2012-04-18 09:49 | obilodeau | Target Version | +1 => 3.3.0 |
2012-04-18 09:50 | obilodeau | Fixed in Version | trunk => 3.3.0 |
2012-04-18 09:59 | obilodeau | Note Added: 0002659 | |
2012-04-18 10:00 | obilodeau | Status | resolved => closed |