Opened 7 years ago

Closed 7 years ago

Last modified 4 years ago

#9241 closed defect (worksforme)

Rules for additional zones do not work because of NOTRACK

Reported by: nils@…
Owned by: developers
Priority: normal
Milestone: Barrier Breaker 14.07
Component: base system
Version: Backfire 10.03.1 RC4
Keywords:
Cc:

Description

It took me ages to find out why the firewall rules for my non-standard zone "maint" wouldn't work: because there was a NOTRACK rule in table/chain raw/zone_maint_notrack! Hence response packets were not covered by the standard ESTABLISHED rule and required a super ugly additional (ipchains-style) rule.

This issue is the same as #7196, but the patch does not help my case. I had to manually add my zone to CONNTRACK_ZONES= at the beginning of /lib/firewall/uci_firewall.sh in order to make my (filter) rules for the new zone work (I know, dodgy workaround; what is the proper way to make my non-standard zone connection tracked?)

I suggest all zones are connection tracked by default unless tracking is explicitly deactivated.

  • OpenWRT version: 10.03.1-rc4 (r24045)
  • Kernel: 2.6.32.25-1 i586
  • Package: firewall 1-20

Attachments (0)

Change History (2)

comment:1 Changed 7 years ago by jow

  • Resolution set to worksforme
  • Status changed from new to closed

Set "option conntrack 1" on your "maint" zone.
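A quick way to confirm which zones are in the state the reporter describes, added here as an example and not part of the ticket or of OpenWrt's firewall package: read an `iptables-save -t raw` dump and list every zone whose `zone_<name>_notrack` chain carries a NOTRACK target. The chain-name pattern is generalised from the reporter's `zone_maint_notrack`; the sample dump, its interface names and the `--live` switch are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the ticket or of OpenWrt's firewall scripts:
# list the firewall zones whose traffic is exempted from connection tracking,
# by reading an `iptables-save -t raw` dump and looking for NOTRACK targets in
# zone_<name>_notrack chains (the chain name the reporter found, assumed here
# to be the general pattern). Without conntrack, the filter table's
# ESTABLISHED,RELATED rule never matches replies for that zone.

# Constructed sample of `iptables-save -t raw` output, shaped like the
# reporter's router: lan and wan are tracked, maint is not.
SAMPLE_RAW='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:zone_lan_notrack - [0:0]
:zone_wan_notrack - [0:0]
:zone_maint_notrack - [0:0]
-A PREROUTING -i br-lan -j zone_lan_notrack
-A PREROUTING -i eth0.2 -j zone_wan_notrack
-A PREROUTING -i eth0.3 -j zone_maint_notrack
-A zone_maint_notrack -j NOTRACK
COMMIT'

# untracked_zones DUMP
# Print, one per line, each zone whose zone_<name>_notrack chain contains a
# NOTRACK rule (or the newer `-j CT --notrack` spelling). Empty output means
# every zone is connection tracked.
untracked_zones() {
    printf '%s\n' "$1" \
      | grep -E '^-A zone_[^ ]+_notrack .*-j (NOTRACK|CT --notrack)( |$)' \
      | sed 's/^-A zone_\(.*\)_notrack .*/\1/' \
      | sort -u
}

# zone_is_untracked DUMP ZONE
# Exit 0 if ZONE is in the untracked list, 1 otherwise.
zone_is_untracked() {
    untracked_zones "$1" | grep -qx "$2"
}

# Stand-alone use: no argument inspects the constructed sample; `--live`
# reads the running ruleset (needs root and iptables on the router).
case "${1:-}" in
    --live) untracked_zones "$(iptables-save -t raw)" ;;
    *)      untracked_zones "$SAMPLE_RAW" ;;
esac
```

On the sample this prints `maint`. After applying jow's fix (add `option conntrack 1` to the maint zone's `config zone` stanza in /etc/config/firewall and restart the firewall with `/etc/init.d/firewall restart`), `sh check.sh --live` on the router should print nothing for that zone, and the plain ESTABLISHED,RELATED rule covers its replies again.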

comment:2 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
