Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#13641 closed defect (fixed)

firewall3: Incorrect forward traffic flow

Reported by: anonymous
Owned by: developers
Priority: high
Milestone: Attitude Adjustment 12.09.1
Component: packages
Version: Attitude Adjustment 12.09
Keywords: firewall3 iptables
Cc:


Here's an output to show the traffic flow of forwarded traffic through chains in the filter table generated by firewall3. I've included only lines that track forwarded traffic from wan (eth1) -> lan:

iptables -t filter -A FORWARD -j delegate_forward
iptables -t filter -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
iptables -t filter -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_forward -m conntrack --ctstate INVALID -j DROP
iptables -t filter -A delegate_forward -i eth1 -j zone_wan_forward
iptables -t filter -A delegate_forward -j reject

iptables -t filter -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
iptables -t filter -A zone_wan_forward -j zone_wan_dest_DROP

iptables -t filter -N zone_wan_dest_DROP
iptables -t filter -A zone_wan_forward -j zone_wan_dest_DROP
iptables -t filter -A zone_wan_dest_DROP -o eth1 -j DROP

The forwarded traffic goes from FORWARD -> delegate_forward -> (input interface eth1) zone_wan_forward -> zone_wan_dest_DROP

But the "zone_wan_dest_DROP" chain only drops traffic outgoing on eth1. Should this be corrected to zone_wan_forward -> zone_wan_src_DROP?
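
The traversal described above, as an added example that is not part of the original report or of firewall3: a small Python tracer walks the listed rules for a new wan -> lan packet and compares the result with the reporter's suggested chain. The lan interface name "br-lan", the "-i eth1 -j DROP" rule inside zone_wan_src_DROP, and the terminating behaviour of the "reject" chain are assumptions; the ticket does not show them.

```python
import shlex
# Rules as listed in the ticket (the duplicated line is given once); wan is eth1.
TICKET_RULES = """\
-A FORWARD -j delegate_forward
-A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
-A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_forward -m conntrack --ctstate INVALID -j DROP
-A delegate_forward -i eth1 -j zone_wan_forward
-A delegate_forward -j reject
-A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -j zone_wan_dest_DROP
-A zone_wan_dest_DROP -o eth1 -j DROP
"""
# Reporter's suggested variant; the contents of zone_wan_src_DROP are an assumption.
SUGGESTED_RULES = TICKET_RULES.replace(
    "-A zone_wan_forward -j zone_wan_dest_DROP",
    "-A zone_wan_forward -j zone_wan_src_DROP\n-A zone_wan_src_DROP -i eth1 -j DROP")
# Assumptions: the "reject" chain (not shown) ends in REJECT; unlisted chains are empty.
TERMINAL = {"ACCEPT", "DROP", "reject"}
FLAGS = {"-A": "chain", "-i": "in", "-o": "out", "--ctstate": "states", "-j": "target"}
WAN_TO_LAN = {"in": "eth1", "out": "br-lan", "state": "NEW"}  # constructed packet

def parse(text):
    """Map chain name -> ordered list of rules, each a dict of the fields in FLAGS."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        rule = {FLAGS[f]: v for f, v in zip(tok, tok[1:]) if f in FLAGS}
        chains.setdefault(rule["chain"], []).append(rule)
    return chains

def matches(rule, pkt):
    return (rule.get("in") in (None, pkt["in"]) and rule.get("out") in (None, pkt["out"])
            and ("states" not in rule or pkt["state"] in rule["states"].split(",")))

def trace(chains, pkt, chain="FORWARD", path=None):
    """Return (verdict, chains visited); verdict None means the chain ended unmatched."""
    path = [] if path is None else path
    path.append(chain)
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        verdict = (f'{rule["target"]} in {chain}' if rule["target"] in TERMINAL
                   else trace(chains, pkt, rule["target"], path)[0])
        if verdict:
            return verdict, path
    return None, path

for name, rules in (("ticket", TICKET_RULES), ("suggested", SUGGESTED_RULES)):
    print(name, *trace(parse(rules), WAN_TO_LAN))
```

With the ticket's rules the packet passes through zone_wan_dest_DROP unmatched and is only stopped by the catch-all reject in delegate_forward, while the suggested variant stops it inside the wan zone chain.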

Change History (2)

comment:1 Changed 5 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

Fixed with r36830, r36831

comment:2 Changed 5 years ago by anonymous

Thank you!
