Firewall rules do not work (UPDATE)
Hi to everybody
I have a problem with the last version of IPFire.
If I set a firewall rule (like in the image) I can't see the port open if I test on a site like www.canyouseeme.org.
Old rules are OK.
What's wrong?
Thanks
Donatello
Last edited by donaldo on May 30th, 2019, 1:11 pm, edited 1 time in total.
Re: Firewall rules do not work
Hi
I have found in /var/ipfire/firewall the file config with this setting:
39,ACCEPT,FORWARDFW,ON,std_net_src,ALL,tgt_addr,10.0.0.80/32,,TCP,,,ON,,,TGT_PORT,9600,x Silvio,,,,,,,,,,00:00,00:00,ON,Default IP,9600,dnat,,,,,second
40,ACCEPT,FORWARDFW,ON,std_net_src,ALL,tgt_addr,10.0.0.80/32,,UDP,,,ON,,,TGT_PORT,9600,x Silvio,,,,,,,,,,00:00,00:00,ON,Default IP,9600,dnat,,,,,second
I think it's OK, equal to the other lines in the settings.
Is it possible that this setting isn't loaded into the ACL, only registered in the file?
I have done a reboot but nothing.
All the ports of the router are open and the CPE are transparent.
What's wrong?
Thanks
Donatello
Re: Firewall rules do not work
Hi
Do other people have my same problem?
Or have I made a mistake?
Please tell me.
thanks
Donatello
Re: Firewall rules do not work
Hi to everybody
I can confirm this problem.
Some time ago I had disabled a rule (at the time it worked) for opening a port.
If I enable it now and try to test, the port is closed.
So the Apply changes button doesn't work.
Please help me.
thanks
Donatello
Re: Firewall rules do not work
Hi
I have created a test port on another server with the last IPFire (another internet connection) and if I check with this site https://www.yougetsignal.com/tools/open-ports/ the port is closed.
So I think that the problem is in the last version of IPFire.
Can someone open a bug (a BIG bug)?
thanks
Donatello
Re: Firewall rules do not work (UPDATE)
I have installed 2.23 131 and have the same problem. The rules are not being applied. Is this a known bug?
Re: Firewall rules do not work (UPDATE)
Hello,
The rules seem OK; you must have a service open on port 9600 on IP 10.0.0.80, obviously, and you reach it, i.e. http://WANIP:9600, but you need to run Apache open on port 9600.
Right?
Andrea T.
Re: Firewall rules do not work (UPDATE)
Hi Andrea T. I think you may have missed the point. In release 2.23 131 New firewall rules are not being applied when the Apply button is pressed.
Do you have that release? If so could you test allowing or denying traffic through a port using the firewall rules please?
Re: Firewall rules do not work (UPDATE)
hardwareRVR wrote: ↑May 31st, 2019, 3:58 pm
> Hello,
> The rules seem OK; you must have a service open on port 9600 on IP 10.0.0.80, obviously, and you reach it, i.e. http://WANIP:9600, but you need to run Apache open on port 9600.
> Right?
> Andrea T.
Hi, not true. I have a service on port 9600 and it isn't HTTP.
Also, some time ago I made the same rules and all are working.
If you use https://www.yougetsignal.com/tools/open-ports/ you can verify if the port is open.
thanks
Donatello
Re: Firewall rules do not work (UPDATE)
@Donaldo:
The rules are added to iptables.
Thus Michael's answer in the bugzilla is just ok.
I've just checked this. The port is shown open only if there is a service running on the destination on this port.
hardwareRVR wrote: ↑May 31st, 2019, 3:58 pm
> Hello,
> The rules seem OK; you must have a service open on port 9600 on IP 10.0.0.80, obviously, and you reach it, i.e. http://WANIP:9600, but you need to run Apache open on port 9600.
> Right?
> Andrea T.
Re: Firewall rules do not work (UPDATE)
To complete this thread, I just quote the other thread linked above:
> Hi to everybody
> I make a mea culpa.
> For 2 days I have had big trouble with FTP. I thought it was the firewall rules.
> But after many tests I have found the trouble.
> It was the Intrusion Prevention System with the Talos VRT rules.
> If malware-backdoor.rules is enabled, it blocks the TLS cipher of the FileZilla FTP server and nothing works.
> I hope that this helps users of IPFire.
> Thanks
> Donatello
To conclude:
- firewall maintenance works as before core131
- with IPS you can block more connections than you wish. IPS demands a high maintenance effort.
- you should do exactly that, what you want
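The thread's outcome (a forwarded port only tests as open when a service answers behind it, and an IPS can silently drop what the rule allows) can be checked from an outside host with a probe that separates the three cases. This is an added example, not code from the thread or from IPFire; the names `probe_tcp` and `next_check` are hypothetical and the demo listener is constructed.

```python
import socket


def probe_tcp(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: a service answered
    except ConnectionRefusedError:
        return "closed"        # reset received: nothing listening, or an explicit reject
    except OSError:
        return "filtered"      # timeout or unreachable: dropped somewhere on the path


# What each result points at when troubleshooting a port-forward rule.
NEXT_CHECK = {
    "open": "rule and service are both working",
    "closed": "confirm a service is listening on the destination host and port",
    "filtered": "confirm the rule is loaded in iptables and the IPS is not "
                "dropping the traffic",
}


def next_check(state):
    """Map a probe result to the next thing to verify."""
    return NEXT_CHECK[state]


if __name__ == "__main__":
    # Constructed demo on localhost: a listener stands in for the service
    # behind the forward rule, then is shut down to show the 'closed' case.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    for label in ("service running", "service stopped"):
        state = probe_tcp("127.0.0.1", port)
        print(f"{label}: {state} -> {next_check(state)}")
        srv.close()
```

Run the probe from outside the firewall against the WAN address; a refusal and a timeout call for different checks, which a plain open/closed result does not tell apart.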