fmFirewall New,Established issue #295
Comments
I've fixed it temporarily. Add after line 241
Setting as a feature request.
Hmm, I wouldn't think this is a feature request, as at the moment it is no real firewall. It either blocks everything or allows anything =>
That is true with your particular two rules. However, there are many more rules that can be defined that would make it a firewall using the existing rule support by defining services to allow/deny. The feature that needs to be implemented is support to choose between NEW and RELATED.
Reading the iptables manpage more, it seems to me fmFirewall ought to add RELATED to the states when specifying ESTABLISHED (given the module is still in its infancy). So, for example, your allowed line would be
Or if you untick the "Established connection packets" box on the policy then it would look like
v1.3 has been released and contains this improvement.
Hello WillyXJ,
I was trying to set up my firewall rules. As facileManager uses ALLOW Policy on INPUT/OUTPUT/FORWARD, I was trying to allow some services and block the rest. But when it comes to allowing established packets back in, the rule sets this in the rules file:
// Allow-Established-Packets-Back-IN
-A INPUT -i venet0 -m state --state NEW,ESTABLISHED -j ACCEPT
And I block everything with this rule:
// From-Internet-IPv4
-A INPUT -i venet0 -j DROP
But due to the NEW before the ESTABLISHED statement, nothing gets blocked and everything is allowed inside. Is there an option to remove the NEW statement or replace it with RELATED?
Thank you!
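
The first-match behaviour described in the report above, as an added example that is not part of the original issue or of facileManager's code: a small Python model of INPUT chain evaluation, run over the two reported rules and over a constructed alternative (ESTABLISHED,RELATED plus an assumed per-service NEW rule for TCP port 22). The packets, the port numbers and the function names are constructed for illustration.

```python
import shlex

FLAGS = {"-A": "chain", "-i": "iface", "-p": "proto",
         "--dport": "dport", "--state": "states", "-j": "target"}

def parse_rule(line):
    """Parse the small subset of iptables rule syntax quoted in this thread."""
    rule = dict.fromkeys(FLAGS.values())
    tok = shlex.split(line)
    for i in range(0, len(tok), 2):          # every option here is a flag/value pair
        if tok[i] in FLAGS:
            rule[FLAGS[tok[i]]] = tok[i + 1]
        elif tok[i] != "-m":                 # "-m state" only loads the match module
            raise ValueError(f"unsupported token: {tok[i]}")
    if rule["states"]:
        rule["states"] = set(rule["states"].split(","))
    return rule

def matches(rule, pkt):
    """A criterion that is absent from the rule matches every packet."""
    return ((rule["iface"] is None or rule["iface"] == pkt["iface"]) and
            (rule["proto"] is None or rule["proto"] == pkt["proto"]) and
            (rule["dport"] is None or rule["dport"] == str(pkt["dport"])) and
            (rule["states"] is None or pkt["state"] in rule["states"]))

def verdict(ruleset, pkt, policy="ACCEPT"):
    """First matching INPUT rule wins; otherwise the chain policy applies."""
    for line in ruleset:
        if not line.startswith("-A"):        # skip the "//" comment lines
            continue
        rule = parse_rule(line)
        if rule["chain"] == "INPUT" and matches(rule, pkt):
            return rule["target"]
    return policy

# The two rules exactly as quoted in the report.
REPORTED = ["// Allow-Established-Packets-Back-IN",
            "-A INPUT -i venet0 -m state --state NEW,ESTABLISHED -j ACCEPT",
            "// From-Internet-IPv4",
            "-A INPUT -i venet0 -j DROP"]
# Constructed alternative: RELATED instead of NEW, NEW only for one assumed service.
TIGHTENED = ["-A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT",
             "-A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -j ACCEPT",
             "-A INPUT -i venet0 -j DROP"]

def pkt(dport, state):                       # constructed sample packets
    return {"iface": "venet0", "proto": "tcp", "dport": dport, "state": state}
```

With the reported pair, only packets in a state other than NEW or ESTABLISHED ever reach the DROP rule, which is why it appears to block nothing.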