PacketFence - BTS - PacketFence 1.7 | |||||
View Issue Details | |||||
ID | Project | Category | View Status | Date Submitted | Last Update |
0000314 | PacketFence 1.7 | public | 2008-04-21 14:19 | 2008-07-21 16:56 | |
Reporter | aflannery | ||||
Assigned To | user4 | ||||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | OS | OS Version | |||
Product Version | |||||
Target Version | Fixed in Version | monotone | |||
fixed in mtn revision | |||||
Summary | 0000314: iptables.pm adding FORWARD ACCEPT MARK 0x1 rule to ipchains when operating in passive mode. | ||||
Description | iptables.pm on ln 686 adds multiple rules to the FORWARD chain, giving certain marked packets the ability to traverse interfaces. this presents a security problem when a machine has a privileged admin interface sitting on a network or VLAN where you DO NOT want user traffic to end up. Also, enabling routing makes little sense when operating in passive (arp) mode. | ||||
Steps To Reproduce | |||||
Additional Information | as a workaround I enclosed these internal_append_entry calls: if(isenabled($Config{'network'}{'nat'})){ ... internal_append_entry(...); ... } Patch included. | ||||
Tags | No tags attached. | ||||
Relationships | |||||
Attached Files | iptables_nonat.patch (1,567) 2008-04-21 14:19 https://www.packetfence.org/bugs/file_download.php?file_id=34&type=bug | ||||
Issue History | |||||
Date Modified | Username | Field | Change | ||
2008-04-21 14:19 | aflannery | New Issue | |||
2008-04-21 14:19 | aflannery | File Added: iptables_nonat.patch | |||
2008-06-12 20:55 | user4 | Project | PacketFence 1.6.2 => PacketFence 1.7 | ||
2008-06-12 20:55 | user4 | Status | new => assigned | ||
2008-06-12 20:55 | user4 | Assigned To | => user4 | ||
2008-07-21 16:56 | user4 | Status | assigned => closed | ||
2008-07-21 16:56 | user4 | Note Added: 0000767 | |||
2008-07-21 16:56 | user4 | Resolution | open => fixed | ||
2008-07-21 16:56 | user4 | Fixed in Version | => monotone |
Notes | |||||
|
|||||
|
|