[Bug 249972] Trusted hosts on rc.firewall are only trusted in one direction
bugzilla-noreply at freebsd.org
Tue Sep 29 01:01:00 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249972
Bug ID: 249972
Summary: Trusted hosts on rc.firewall are only trusted in one direction
Product: Base System
Version: 12.1-RELEASE
Hardware: i386
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: conf
Assignee: bugs at FreeBSD.org
Reporter: archit.shah at gmail.com
I attempted to configure an IPSec transport mode connection between a host and
a trusted peer (e.g. 10.0.1.2) using the "workstation" mode ipfw firewall. The
firewall appears not to have allowed outgoing packets. The following diff
addresses the specific test case I had and appears to be consistent with the
concept of a trusted peer.
> diff /etc/rc.firewall /tmp/rc.firewall.diff
516c516
< ${fwcmd} add pass ip from $i to me
---
> ${fwcmd} add pass ip from $i to me keep-state :default
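Review bot: adding keep-state to the "from $i to me" rule only creates a dynamic rule once the peer sends the first packet, so flows that this host initiates toward the peer are still not matched by any rule; the alternative mentioned below, an explicit second rule "${fwcmd} add pass ip from me to $i", covers both directions regardless of who opens the connection and is the more complete fix for "trusted in both directions". If the keep-state form is kept, the ruleset also needs a check-state (or this rule to be reached before any deny) so that reply packets actually hit the dynamic rule.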
Alternatively, a second rule per trusted peer could be added to pass packets to
the peer ("${fwcmd} add pass ip from me to $i").
Configuration example below:
firewall_enable="YES"
firewall_type="workstation"
firewall_myservices="22,80,443/tcp"
firewall_allowservices="0.0.0.0/0"
firewall_trusted="10.0.1.2 10.3.4.5 10.6.7.8"
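As an added check that is not part of the bug report or of rc.firewall, the script below audits the text of an ipfw ruleset for trusted hosts that are covered inbound but not outbound, which is the asymmetry described above. The ruleset text is a constructed sample in the format `ipfw list` prints (rule numbers, the `allow` keyword and the `keep-state :default` suffix are assumed from that format, not taken from the report); a host counts as covered outbound if its inbound rule carries keep-state or a separate `from me to <host>` rule exists.

```shell
#!/bin/sh
# Added example: report firewall_trusted hosts that are only trusted one way.
# sample_ruleset is constructed to look like `ipfw list` output; it is not a
# capture from the reporter's machine.
sample_ruleset='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00500 check-state :default
01000 allow ip from 10.0.1.2 to me
01010 allow ip from 10.3.4.5 to me keep-state :default
01020 allow ip from 10.6.7.8 to me
01030 allow ip from me to 10.6.7.8
65535 deny ip from any to any'

# Same trusted list as the configuration example in the report.
firewall_trusted="10.0.1.2 10.3.4.5 10.6.7.8"

# one_way_trusted RULESET HOSTS
# Prints, one per line, each host in HOSTS that has an inbound allow rule but
# nothing that lets packets from "me" reach it: neither keep-state on the
# inbound rule (dynamic reply rule) nor an explicit "from me to <host>" rule.
one_way_trusted() {
    ruleset=$1
    hosts=$2
    for h in $hosts; do
        # escape dots so 10.0.1.2 does not also match 10x0x1x2
        pat=$(printf '%s' "$h" | sed 's/\./\\./g')
        # covered by a stateful inbound rule?
        if printf '%s\n' "$ruleset" | grep -q "allow ip from $pat to me.*keep-state"; then
            continue
        fi
        # covered by an explicit outbound rule?
        if printf '%s\n' "$ruleset" | grep -q "allow ip from me to $pat"; then
            continue
        fi
        printf '%s\n' "$h"
    done
}

# With the sample above only 10.0.1.2 is trusted in one direction.
one_way_trusted "$sample_ruleset" "$firewall_trusted"
```

On a live system the same function can be fed `"$(ipfw list)"` in place of the sample; hosts it prints are the ones for which the rc.firewall change (or the explicit reverse rule) is still missing.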