Re: [opensuse-security] Re: FW_MASQUERADE default behavior ?
On Thu, Apr 25, 2013 at 1:39 AM, Markus Abt <abt@comet.de> wrote:
> I suppose that this is the firewall status output with FW_MASQ_NETS="".

Yes, to test the weird behavior I'm seeing.

> It looks like a bug/changed functionality to me, too. In Chain forward_int, this line should not be there:
>
> ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED

Exactly, that's the one that is opening the access to the untrusted network by default, and in contradiction to what the documentation says. So should I open a bug report on https://bugzilla.novell.com/ ?

Cheers,
--
JLB

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Thu, Apr 25, 2013 at 01:59:23AM -0500, Juan Luis Baptiste wrote:
> On Thu, Apr 25, 2013 at 1:39 AM, Markus Abt <abt@comet.de> wrote:
> > I suppose that this is the firewall status output with FW_MASQ_NETS="".
>
> Yes, to test the weird behavior I'm seeing.
>
> > It looks like a bug/changed functionality to me, too. In Chain forward_int, this line should not be there:
> >
> > ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED
>
> Exactly, that's the one that is opening the access to the untrusted network by default, and in contradiction to what the documentation says. So should I open a bug report on https://bugzilla.novell.com/ ?

Yes please.

I have not fully taken a look at it yet, but in Bugzilla it is not lost. Attach the debug traces and configs that you also quoted here.

Ciao, Marcus
On Thu, Apr 25, 2013 at 10:22 AM, Marcus Meissner <meissner@suse.de> wrote:
> > Exactly, that's the one that is opening the access to the untrusted network by default, and in contradiction to what the documentation says. So should I open a bug report on https://bugzilla.novell.com/ ?
>
> Yes please.
>
> I have not fully taken a look at it yet, but in Bugzilla it is not lost. Attach the debug traces and configs that you also quoted here.

Done: https://bugzilla.novell.com/show_bug.cgi?id=817233

--
JLB
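Added example, not part of the thread or of SuSEfirewall2: one way to audit a rule listing for the kind of line discussed above, an ACCEPT that forwards NEW connections from the internal to the external interface for any source and destination. It assumes `iptables -L -n -v` style output (the in/out columns must be present) and the interface roles from the quoted rule (eth1 internal, eth0 external); the sample listing is constructed.

```shell
#!/bin/sh
# Flags ACCEPT rules that forward new connections from INT_IF to EXT_IF
# for any protocol, source and destination.
# Usage on a live system (as root): iptables -L -n -v | find_open_forward eth1 eth0
find_open_forward() {
    awk -v int_if="$1" -v ext_if="$2" '
        /^Chain / { chain = $2; next }
        {
            # Find the target column so listings with or without the
            # pkts/bytes counters both parse.
            t = 0
            for (i = 1; i <= NF; i++) if ($i == "ACCEPT") { t = i; break }
            if (!t || NF < t + 6) next
            # Columns after the target: prot opt in out source destination
            if ($(t+1) != "all") next
            if ($(t+3) != int_if || $(t+4) != ext_if) next
            if ($(t+5) != "0.0.0.0/0" || $(t+6) != "0.0.0.0/0") next
            states = ""
            for (i = t + 7; i < NF; i++)
                if ($i == "ctstate" || $i == "state") states = $(i+1)
            hit = 0
            if (NF == t + 6) { hit = 1; states = "any" }    # no match extension at all
            else if (("," states ",") ~ /,NEW,/) hit = 1    # conntrack match admits NEW
            if (hit) print chain, $(t+3) "->" $(t+4), states
        }'
}

# Constructed sample listing (not taken from the bug report).
sample_status() {
    cat <<'EOF'
Chain forward_ext (1 references)
 pkts bytes target prot opt in   out  source         destination
    0     0 ACCEPT all  --  eth0 eth1 0.0.0.0/0      0.0.0.0/0   ctstate RELATED,ESTABLISHED

Chain forward_int (1 references)
 pkts bytes target prot opt in   out  source         destination
    0     0 ACCEPT all  --  eth1 eth0 0.0.0.0/0      0.0.0.0/0   ctstate NEW,RELATED,ESTABLISHED
    0     0 ACCEPT all  --  eth1 eth0 0.0.0.0/0      0.0.0.0/0   ctstate RELATED,ESTABLISHED
    0     0 ACCEPT tcp  --  eth1 eth0 192.168.1.0/24 0.0.0.0/0   tcp dpt:443 ctstate NEW
EOF
}

sample_status | find_open_forward eth1 eth0
```

Rules limited to RELATED,ESTABLISHED or to a specific protocol or source are not reported, since they do not open the path for arbitrary new connections.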
participants (2)
- Juan Luis Baptiste
- Marcus Meissner