Documentation BUG -Firewall Access Configuration [INACTIVE]

Documentation BUG -Firewall Access Configuration

Post by bobbb » Fri Sep 12, 2008 11:47 pm

The Firewall Access Configuration File has changed format but is not documented in the file.

The beginning of the file should start like this: (or something)
Code:
# Firewall Access Configuration File
#
# *** NEW FORMAT for 2.31.10 - not compatible with previous versions
#
# This file contains entries in the following format:
# type active permit|deny protocol source[/mask] destination[/mask] dport sport


The last 3 examples should be changed to:
Code:
access N deny all 192.168.0.44 any all all #Example - Deny internet access to this IP
access N deny all 192.168.0.48/30 any all all #Example - Deny internet access to these Sub-net
access N deny tcp any any 21 all #Example - Deny access to FTP sites
bobbb
 

Re: Documentation BUG -Firewall Access Configuration

Post by bobbb » Sun Sep 14, 2008 11:47 pm

I have just looked at all this again:

Code:
access N deny all 192.168.0.44 any all all #Example - Deny internet access to this IP
This line should be dropped because it is the same example as for 192.168.0.50 before it.

Code:
access N permit udp any 192.168.0.50 53 all #Example - Permit external DNS reply for this IP
This line is confusing because it is not needed since the return traffic is ACCEPTed by the state RELATED,ESTABLISHED rule in FORWARD. It becomes a bad example.

Code:
access N deny tcp any any 21 all #Example - Deny access to FTP sites
This last example should specify a source IP of some kind (Local Network, Local interface, or Local IP or host with/without mask) because, as it is shown now, it would override any port forwarding that was made for FTP.
bobbb
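
Added example, not part of the original posts or of the firewall project's code: a small Python checker that parses entries in the eight-field format quoted in the first post and flags deny rules whose source is `any`, the scoping problem raised in the second post. It assumes addresses are either `any` or IPv4 with an optional `/mask`; the function names and the last sample entry are constructed for illustration.

```python
import ipaddress

# Field order from the format line quoted in the first post.
FIELDS = ("type", "active", "action", "protocol",
          "source", "destination", "dport", "sport")

def parse_rule(line):
    """Return a dict for one entry, or None for a blank or comment-only line."""
    body, _, comment = line.partition("#")
    tokens = body.split()
    if not tokens:
        return None
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}: {line!r}")
    rule = dict(zip(FIELDS, tokens))
    if rule["action"] not in ("permit", "deny"):
        raise ValueError(f"action must be permit or deny: {line!r}")
    for key in ("source", "destination"):
        # Assumption: an address is 'any' or IPv4 with an optional /mask.
        if rule[key] != "any":
            ipaddress.ip_network(rule[key], strict=False)  # ValueError if malformed
    rule["comment"] = comment.strip()
    return rule

def lint(lines):
    """Return (line_number, message) for deny rules whose source is 'any'."""
    findings = []
    for number, line in enumerate(lines, 1):
        rule = parse_rule(line)
        if rule and rule["action"] == "deny" and rule["source"] == "any":
            findings.append((number, "deny rule with source 'any': "
                                     "scope it to a local address or network"))
    return findings

# Entries 2 and 3 are from the thread; entry 4 is constructed for illustration.
SAMPLE = [
    "# Firewall Access Configuration File",
    "access N deny all 192.168.0.48/30 any all all #Example - Deny internet access to these Sub-net",
    "access N deny tcp any any 21 all #Example - Deny access to FTP sites",
    "access N deny tcp 192.168.0.0/24 any 21 all #Constructed - FTP deny scoped to a local network",
]

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```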
 

