Opened 10 years ago

Closed 9 years ago

#3043 closed defect (fixed)

Default firewall config accepts all OUTPUT connections

Reported by: argovela-at-yahoo-com
Owned by: developers
Priority: normal
Milestone: Kamikaze 7.09
Component: packages
Version:
Keywords: firewall iptables OUTPUT
Cc:


The default iptables rules configured by /etc/init.d/firewall will accept all outgoing connections from the router in the OUTPUT chain. This seems to contradict the documentation at, which implies that all outgoing connections need to be specifically allowed.

Note lines #81-82 in the following code:

76 	        #
77 	        # insert accept rule or to jump to new accept-check table here
78 	        #
79 	        iptables -A OUTPUT -j output_rule
81 	        # allow
82 	        iptables -A OUTPUT -j ACCEPT            #allow everything out
84 	        # reject (what to do with anything not allowed earlier)
85 	        iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
86 	        iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable

Attachments (0)
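The rule ordering quoted in the description is the whole problem: once `-A OUTPUT -j ACCEPT` is appended, the two REJECT rules after it can never match, so the only way to restrict router-originated traffic is `output_rule`, and anything not caught there is let out. The following is an added example, not code from the ticket or from OpenWrt's firewall script. It checks an `iptables-save` dump for exactly that pattern, counts the rules made unreachable by it, and emits a default-deny OUTPUT chain that keeps the original REJECT tail reachable. The two dumps are constructed here, the chain policies in them are assumed rather than taken from Kamikaze, and `dry_ipt`, `hardened_output_rules` and the DNS/NTP/ICMP allow list are this example's own choices.

```shell
#!/bin/sh
# Added example (not from ticket #3043 or /etc/init.d/firewall).
# Audit an iptables-save dump for an unconditional OUTPUT accept and
# show a default-deny OUTPUT chain that keeps the REJECT rules reachable.

# Constructed iptables-save excerpt mirroring the rules quoted in the ticket
# (policies are assumed; the ticket does not show them).
KAMIKAZE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:output_rule - [0:0]
-A OUTPUT -j output_rule
-A OUTPUT -j ACCEPT
-A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# True if OUTPUT contains an ACCEPT with no match criteria at all
# (exactly "-A OUTPUT -j ACCEPT"), which short-circuits every later rule.
output_accepts_everything() {
    printf '%s\n' "$1" | grep -qx -- '-A OUTPUT -j ACCEPT'
}

# Number of OUTPUT rules appended after that unconditional ACCEPT;
# none of them can ever see a packet.
unreachable_output_rules() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "OUTPUT" {
            if (open) n++
            if ($0 == "-A OUTPUT -j ACCEPT") open = 1
        }
        END { print n + 0 }'
}

# Dry-run substitute for iptables: print the rule instead of loading it.
dry_ipt() {
    printf '%s\n' "$*"
}

IPT="${IPT:-iptables}"   # set IPT=dry_ipt to print rules instead of loading

# Default-deny OUTPUT (hypothetical replacement for lines 79-86 of the
# quoted script): loopback, replies to established flows, whatever
# output_rule permits, and the services the router itself needs (DNS,
# NTP, ICMP). Everything else falls through to the original REJECT rules,
# which are now actually reachable.
hardened_output_rules() {
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -j output_rule
    $IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -p udp --dport 123 -j ACCEPT
    $IPT -A OUTPUT -p icmp -j ACCEPT
    $IPT -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
}

# Stand-alone run: report on the constructed Kamikaze-style dump.
if output_accepts_everything "$KAMIKAZE_DUMP"; then
    echo "OUTPUT accepts everything;" \
         "$(unreachable_output_rules "$KAMIKAZE_DUMP") later rule(s) are unreachable"
fi
```

On a live router the same check is `output_accepts_everything "$(iptables-save)"`; a non-empty `unreachable_output_rules` count is the quickest sign that a "reject what was not allowed earlier" tail is decorative. Swapping in `hardened_output_rules` requires that every service the router itself initiates (package fetches, dynamic DNS, remote syslog) be listed there or in `output_rule`, otherwise it is the router, not a client, that gets the tcp-reset.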

Change History (1)

comment:1 Changed 9 years ago by florian

  • Resolution set to fixed
  • Status changed from new to closed

Should be fixed with the new UCI firewall.
