Opened 20 months ago

#22674 new defect

iptables bug

Reported by: mcfly9
Owned by: developers
Priority: normal
Milestone:
Component: packages
Version: Barrier Breaker 14.07
Keywords:
Cc:


I have defined a zone:

config zone
        option name 'guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option network 'guest'

I have set up forwarding:

config forwarding
        option src 'guest'
        option dest 'wan'

The following forwarding rules are generated:

Chain zone_guest_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
  277 18221 forwarding_guest_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
  277 18221 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding guest -> wan */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
   10   654 zone_guest_dest_REJECT  all  --  any    any     anywhere             anywhere

I would expect the zone guest not to forward any packets to zones other than wan (e.g. lan), because the default behaviour is set to REJECT. The zone rules, though, allow these packets through, because the last rule's destination condition is never met (the packets come from guest; they do not go to guest).

Proposed fix: change the last rule to src_REJECT instead of dest_REJECT
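Added example, not part of the ticket and not OpenWrt/fw3 code: a small Python parser for the `iptables -L <chain> -v` listing quoted above. It pulls each rule apart (counters, target, protocol, interfaces, addresses, match extensions, comment), identifies the catch-all final rule of a zone forward chain, and reports whether that rule jumps to the zone's `src_*` or `dest_*` policy chain, which is the distinction the report turns on. Assumed: the column layout of `iptables -L -v` (with or without `-n`), the `zone_<name>_{src,dest}_<POLICY>` chain naming visible in the listing, and the ticket's own listing as the constructed sample input. Note that this only reads one chain: where a guest-to-lan packet actually ends up also depends on what the parent FORWARD chain does after `zone_guest_forward` returns without a verdict, which the listing above does not show.

```python
"""Parse an `iptables -L <chain> -v` listing (the zone_guest_forward chain
quoted in the ticket) into structured rules and report how it terminates.
Added example; not part of the ticket or of OpenWrt/fw3."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the listing quoted in the ticket, verbatim.
SAMPLE = """\
Chain zone_guest_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
  277 18221 forwarding_guest_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
  277 18221 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding guest -> wan */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
   10   654 zone_guest_dest_REJECT  all  --  any    any     anywhere             anywhere
"""

# iptables -L -v abbreviates large counters as 18K, 2M, ... (decimal units).
_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}
# Column values meaning "no constraint", as printed with and without -n.
_ANY_IF = {"any", "*"}
_ANY_ADDR = {"anywhere", "0.0.0.0/0", "::/0"}

CHAIN_RE = re.compile(r"^Chain (\S+) \((\d+) references\)")
COMMENT_RE = re.compile(r"/\*\s*(.*?)\s*\*/")

@dataclass
class Rule:
    pkts: int
    nbytes: int
    target: str
    proto: str
    opt: str
    in_if: str
    out_if: str
    source: str
    dest: str
    extra: str = ""      # match extensions such as "ctstate DNAT"
    comment: str = ""    # text of the /* ... */ comment, if any

@dataclass
class Chain:
    name: str
    references: int
    rules: List[Rule] = field(default_factory=list)

def parse_count(text: str) -> int:
    if text[-1] in _SUFFIX:
        return int(float(text[:-1]) * _SUFFIX[text[-1]])
    return int(text)

def parse_chain(text: str) -> Chain:
    lines = [l for l in text.splitlines() if l.strip()]
    m = CHAIN_RE.match(lines[0])
    if not m:
        raise ValueError("not an `iptables -L -v` chain listing")
    chain = Chain(name=m.group(1), references=int(m.group(2)))
    for line in lines[2:]:                # lines[1] is the column header
        fields = line.split(None, 9)      # 9 fixed columns, the rest is extras
        if len(fields) < 9:
            raise ValueError(f"short rule line: {line!r}")
        rest = fields[9] if len(fields) > 9 else ""
        cm = COMMENT_RE.search(rest)
        chain.rules.append(Rule(
            parse_count(fields[0]), parse_count(fields[1]), fields[2], fields[3],
            fields[4], fields[5], fields[6], fields[7], fields[8],
            extra=COMMENT_RE.sub("", rest).strip(),
            comment=cm.group(1) if cm else ""))
    return chain

def is_unconditional(r: Rule) -> bool:
    """True if the rule has no match at all, i.e. it catches everything left."""
    return (r.proto == "all" and r.in_if in _ANY_IF and r.out_if in _ANY_IF
            and r.source in _ANY_ADDR and r.dest in _ANY_ADDR and not r.extra)

def terminal_rule(chain: Chain) -> Optional[Rule]:
    last = chain.rules[-1] if chain.rules else None
    return last if last is not None and is_unconditional(last) else None

def zone_of(chain_name: str) -> Optional[str]:
    """zone_guest_forward -> 'guest' (fw3 naming as seen in the listing)."""
    m = re.match(r"zone_(.+)_(input|output|forward)$", chain_name)
    return m.group(1) if m else None

def terminal_direction(chain: Chain) -> Optional[str]:
    """For a zone_<z>_* chain, 'src' or 'dest' depending on which of the zone's
    own policy chains the catch-all final rule jumps to; None if neither."""
    zone = zone_of(chain.name)
    rule = terminal_rule(chain)
    if zone is None or rule is None:
        return None
    m = re.match(rf"zone_{re.escape(zone)}_(src|dest)_(ACCEPT|REJECT|DROP)$", rule.target)
    return m.group(1) if m else None

if __name__ == "__main__":
    chain = parse_chain(SAMPLE)
    for r in chain.rules:
        print(f"{r.pkts:>6} {r.target:<24} extra={r.extra!r} comment={r.comment!r}")
    print("catch-all final rule jumps to the zone's", terminal_direction(chain), "policy chain")
```

Running it on the ticket's listing reports the final rule as a jump to the zone's `dest` policy chain; pointing it at the output of `iptables -L zone_guest_forward -v` on a live box shows whether a given build has changed that.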
