Opened 4 years ago

Last modified 4 years ago

#14161 new defect

[Firewall] Bidirectional Forward permissions in the Inter-Zone Forwarding section

Reported by: dmitry.sergiev@…
Owned by: developers
Priority: high
Milestone: Barrier Breaker 14.07
Component: packages
Version: Attitude Adjustment 12.09
Keywords: firewall
Cc:



Forward permissions set in the 'Inter-Zone Forwarding' section are bidirectional instead of unidirectional, as is stated in the description for that section (and as they should be for a stateful firewall).

Additionally, the per-zone forward policy has no effect.

How to reproduce.

  1. Create firewall configuration with at least two security zones, for example, LAN and DMZ.
  2. Assign interfaces to each zone, for example, br-lan to LAN, eth0.3 to DMZ
  3. Do not configure any traffic rules.
  4. Permit forwarding to zone DMZ in the 'Inter-Zone Forwarding' section of zone LAN, and set forward policy to 'Reject'.
  5. Do not permit forwarding from zone DMZ in the same section (uncheck corresponding check-box).
  6. Check that hosts from zone LAN can successfully ping hosts from zone DMZ and vice versa.

firewall version 2-55.1

Additional info
System was sysupgraded from 11.03 to 12.09. Settings were preserved during upgrade.
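
An added example, not part of the original report or of the firewall package: a check of which forwardings a configuration like the one in the reproduction steps declares, compared with what step 6 observed. The config excerpt, the network names 'lan' and 'dmz', and the observed-results table are constructed for illustration; with no traffic rules configured (step 3), only declared `forwarding` sections should let new inter-zone connections pass.

```python
import shlex

# Constructed /etc/config/firewall excerpt matching steps 1-5 (assumed layout).
SAMPLE_CONFIG = """
config zone
    option name 'lan'
    option network 'lan'
    option forward 'REJECT'

config zone
    option name 'dmz'
    option network 'dmz'

config forwarding
    option src 'lan'
    option dest 'dmz'
"""

# Constructed result of step 6: did a new connection (ping) pass src -> dest?
OBSERVED = {("lan", "dmz"): True, ("dmz", "lan"): True}

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) pairs."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok:
            continue
        if tok[0] == "config" and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[0] == "option" and sections and len(tok) >= 3:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def declared_forwardings(sections):
    """Directed (src, dest) pairs; each forwarding section is one direction."""
    return {(o["src"], o["dest"]) for kind, o in sections
            if kind == "forwarding" and "src" in o and "dest" in o}

def unexpected_flows(sections, observed):
    """Inter-zone flows that passed although no forwarding declares them."""
    allowed = declared_forwardings(sections)
    return sorted(pair for pair, passed in observed.items()
                  if passed and pair not in allowed)

if __name__ == "__main__":
    secs = parse_uci(SAMPLE_CONFIG)
    print("declared:", sorted(declared_forwardings(secs)))
    print("unexpected:", unexpected_flows(secs, OBSERVED))
```

Replies belonging to a connection opened from LAN are expected to return through a stateful firewall; the flagged dmz-to-lan entry refers to connections initiated from the DMZ side.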

Change History (1)

comment:1 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
