public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed
* SECURITY ADVISORY: outgoing firewall accepts packets unintendedly
@ 2012-08-07 14:53 Michael Tremer
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2012-08-07 14:53 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 568 bytes --]

Hello,

there is a problem in the outgoing firewall if it is used in mode 1.
Packets are accepted from blue even if there is no rule for the MAC
address of the sender.

This problem has got a medium severity and does not affect any other
configuration of the outgoing firewall and does not occur when no blue
network interface exists.

There is a fix available:
http://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commitdiff;h=78a14abf81e61ea4fc62d313dfd6779cda9421ae

Please install and test. I am not going to repeat this request anymore.

Michael


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: SECURITY ADVISORY: outgoing firewall accepts packets unintendedly
       [not found] <502389E2.9030409@gmx.de>
@ 2012-08-12 18:47 ` Michael Tremer
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2012-08-12 18:47 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 331 bytes --]

Removed that unused variable.

http://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commitdiff;h=4e2bce180421f90ab45ed71d00d2bbf902c407ee

On Thu, 2012-08-09 at 11:58 +0200, Bernhard Bitsch wrote:
> Why are there settings for chain policy? They are not used and cannot be set by 
> a iptables command, but would be useful.


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-08-12 18:47 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-08-07 14:53 SECURITY ADVISORY: outgoing firewall accepts packets unintendedly Michael Tremer
     [not found] <502389E2.9030409@gmx.de>
2012-08-12 18:47 ` Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox