[Bug 857036] New: external firewall rules seem infunctional - openSUSE Bugs - openSUSE Mailing Lists

newer
[Bug 843230] New: VUL-0: root...

[Bug 857036] New: external firewall rules seem infunctional

older
[Bug 857455] New:...

bugzilla_noreply＠novell.com

31 Dec 2013 31 Dec '13

15:56

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c0 Summary: external firewall rules seem infunctional Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: i686 OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: estellnb@elstel.org QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0 After configuring enp0s3 as external zone I had a look at my iptables; they start like the following: Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere Isn`t that fully infunctional if it accepts anything from anywhere just as first rule? Also it should be worth to consider ensuring some protection level by default and not to use any interface as DMZ by default as there are running a couple of services by default: postfix, avahi-daemon, cups and init on ::631. Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

Show replies by date

bugzilla_noreply＠novell.com

2 Jan 2 Jan

01:43

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c Xiyuan Liu changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |xyliu@suse.com AssignedTo|bnc-team-screening@forge.pr |varkoly@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

7 Jan 7 Jan

15:37

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c Peter Varkoly changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|varkoly@suse.com |meissner@suse.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15:49

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c1 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |estellnb@elstel.org --- Comment #1 from Marcus Meissner 2014-01-07 15:49:46 UTC --- looks like the firewall is not enabled. systemctl status SuSEfirewall2 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

9 Jan 9 Jan

11:15

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c2 Elmar Stellnberger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|estellnb@elstel.org | --- Comment #2 from Elmar Stellnberger 2014-01-09 11:15:57 UTC --- # systemctl status SuSEfirewall2 SuSEfirewall2.service - SuSEfirewall2 phase 2 Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; enabled) Active: active (exited) since Do 2014-01-09 12:01:52 CET; 14min ago Process: 1409 ExecStart=/usr/sbin/SuSEfirewall2 boot_setup (code=exited, status=0/SUCCESS) Main PID: 1409 (code=exited, status=0/SUCCESS) CGroup: /system.slice/SuSEfirewall2.service Jan 09 12:01:47 linux-ipv7 systemd[1]: Starting SuSEfirewall2 phase 2... Jan 09 12:01:47 linux-ipv7 SuSEfirewall2[1434]: Setting up rules from /etc/sysconfig/SuSEfirewall2 ... Jan 09 12:01:52 linux-ipv7 SuSEfirewall2[1511]: Firewall rules successfully set Jan 09 12:01:52 linux-ipv7 systemd[1]: Started SuSEfirewall2 phase 2. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

13:52

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c3 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |estellnb@elstel.org --- Comment #3 from Marcus Meissner 2014-01-09 13:52:37 UTC --- and SuSEfirewall2 status please also attach /etc/sysconfig/SuSEfirewall2 (prune private informtion if any) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

14:24

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c4 --- Comment #4 from Elmar Stellnberger 2014-01-09 14:24:17 UTC --- Created an attachment (id=573859) --> (http://bugzilla.novell.com/attachment.cgi?id=573859) /etc/sysconfig/SuSEfirewall2 AFAICR I didn`t do much more than to enable the firewall for the given interface. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

14:25

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c Elmar Stellnberger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|estellnb@elstel.org | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

14:29

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c5 --- Comment #5 from Marcus Meissner 2014-01-09 14:29:25 UTC --- can you run SuSEfirewall2 status too? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15:11

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c6 --- Comment #6 from Elmar Stellnberger 2014-01-09 15:11:38 UTC --- Created an attachment (id=573871) --> (http://bugzilla.novell.com/attachment.cgi?id=573871) SuSEfirewall2 status (output of) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15:23

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c7 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME --- Comment #7 from Marcus Meissner 2014-01-09 15:23:15 UTC --- ok, looks all fine. ACCEPT all -- anywhere anywhere this line from comment 0 is only for "lo", the loopback device. SuSEfirewall status has it at: 30 1500 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 Looking through the packet counters, there is quite some stuff DROPed in the input_ext chain at the end, so i think the firewall is live and filtering. => Use "iptables -L -v" instead of just -L to see also the interfaces. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15:27

New subject: [Bug 857036] external firewall rules seem infunctional

https://bugzilla.novell.com/show_bug.cgi?id=857036 https://bugzilla.novell.com/show_bug.cgi?id=857036#c8 --- Comment #8 from Elmar Stellnberger 2014-01-09 15:27:06 UTC --- ok; thx for the info and for investigating the issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

3766

Age (days ago)

3775

Last active (days ago)

Download

11 comments

1 participants

tags

participants (1)

bugzilla_noreply＠novell.com