Anonymous | Login | 2024-04-25 23:55 EDT |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0000314 | PacketFence 1.7 | public | 2008-04-21 14:19 | 2008-07-21 16:56 | ||||
Reporter | aflannery | |||||||
Assigned To | user4 | |||||||
Priority | normal | Severity | major | Reproducibility | always | |||
Status | closed | Resolution | fixed | |||||
Platform | OS | OS Version | ||||||
Product Version | ||||||||
Target Version | Fixed in Version | monotone | ||||||
Summary | 0000314: iptables.pm adding FORWARD ACCEPT MARK 0x1 rule to ipchains when operating in passive mode. | |||||||
Description | iptables.pm on ln 686 adds multiple rules to the FORWARD chain, giving certain marked packets the ability to traverse interfaces. this presents a security problem when a machine has a privileged admin interface sitting on a network or VLAN where you DO NOT want user traffic to end up. Also, enabling routing makes little sense when operating in passive (arp) mode. | |||||||
Additional Information | as a workaround I enclosed these internal_append_entry calls: if(isenabled($Config{'network'}{'nat'})){ ... internal_append_entry(...); ... } Patch included. | |||||||
Tags | No tags attached. | |||||||
fixed in mtn revision | ||||||||
Attached Files | iptables_nonat.patch (Attachment missing) | |||||||
Notes | |
(0000767) user4 2008-07-21 16:56 |
revision 2bec65bd586a6ae3997316190870e09bcaecb506 |
Issue History | |||
Date Modified | Username | Field | Change |
2008-04-21 14:19 | aflannery | New Issue | |
2008-04-21 14:19 | aflannery | File Added: iptables_nonat.patch | |
2008-06-12 20:55 | user4 | Project | PacketFence 1.6.2 => PacketFence 1.7 |
2008-06-12 20:55 | user4 | Status | new => assigned |
2008-06-12 20:55 | user4 | Assigned To | => user4 |
2008-07-21 16:56 | user4 | Status | assigned => closed |
2008-07-21 16:56 | user4 | Note Added: 0000767 | |
2008-07-21 16:56 | user4 | Resolution | open => fixed |
2008-07-21 16:56 | user4 | Fixed in Version | => monotone |
Copyright © 2000 - 2012 MantisBT Group |