Proper Firewall Configuration #364

Closed
air101 opened this issue Feb 8, 2017 · 8 comments

@air101 air101 commented Feb 8, 2017

Hello WillyXJ,

How do I configure the firewall component the right way? That's what I want to do on the latest Debian with the latest stable release of facileManager:

allow IN ssh from anywhere
allow IN snmp from specific ip 10.0.0.5
allow OUT anything
block REST

When I configure my firewall like that with your tool, then nothing NEW gets in or anything goes out. I keep the connection to the server (via ssh) but no setting was working till now.

Thanks in advance!

@air101 air101 changed the title from "Right Firewall Configuration" to "Proper Firewall Configuration" Feb 8, 2017
Owner

@WillyXJ WillyXJ commented Feb 8, 2017

Are you allowing established connection packets in your rules, too?

Author

@air101 air101 commented Feb 8, 2017

Yes

Owner

@WillyXJ WillyXJ commented Feb 8, 2017

You have uncovered a flaw in the software. In order to essentially block new inbound requests, but allow related traffic, the following rule needs to be applied:

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

However, fmFirewall does not currently allow that type of rule. This will need to be fixed in the next release.
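
Why the missing rule blocks traffic in both directions, as an added example that is not part of the original thread and is not fmFirewall output. It assumes "block REST" is a default-DROP INPUT policy, ssh on 22/tcp and snmp on 161/udp; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not fmFirewall output). Assumptions: "block REST" is a
# default-DROP INPUT policy, ssh is 22/tcp, snmp is 161/udp, the host does
# not route (FORWARD DROP). Function names are hypothetical.

# Print the issue's policy in iptables-restore format.
# $1 = "stateful" adds the return-traffic rule quoted in the thread.
ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    if [ "$1" = stateful ]; then
        echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    fi
    echo '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
    echo '-A INPUT -s 10.0.0.5 -p udp -m udp --dport 161 -j ACCEPT'
    echo 'COMMIT'
}

# Lint a ruleset on stdin. Exit 1 when INPUT defaults to DROP and no INPUT
# rule accepts ESTABLISHED packets: replies to outbound connections (DNS
# answers, TCP SYN-ACKs) are then dropped, so "allow OUT anything" cannot work.
# Simple check: it ignores rule order and extra match conditions.
accepts_return_traffic() {
    awk '
        /^:INPUT /  { drop = ($2 == "DROP") }
        /^-A INPUT / && /-j ACCEPT/ &&
            /--(ct)?state [A-Z,]*ESTABLISHED/ { ok = 1 }
        END { exit (drop && !ok) ? 1 : 0 }
    '
}

for variant in plain stateful; do
    if ruleset "$variant" | accepts_return_traffic; then
        echo "$variant: replies to outbound traffic are accepted"
    else
        echo "$variant: replies to outbound traffic hit the DROP policy"
    fi
done
```

On a real host, the output of `ruleset stateful` can be checked with `iptables-restore --test` before it is loaded.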

Owner

@WillyXJ WillyXJ commented Apr 15, 2017

This is now included in the latest beta version and later.

Author

@air101 air101 commented Apr 18, 2017

Hello WillyXJ,

I upgraded to the latest Beta, but now all rules are gone, and when I want to add a new rule, there's an error: Could not add the policy because a database error occurred.

Owner

@WillyXJ WillyXJ commented Apr 18, 2017

@air101 - thanks for the report. I've been able to reproduce this behavior. What I've found is the fmFirewall upgrade function isn't getting executed for some reason. If the version is reset in the database and you run through the forced upgrade, then the database gets updated.

Run the following manually against your database and then use the web interface and go through the upgrade again. After that, your records will be present and policies can be added/updated.

UPDATE fm_options SET option_value='1.3.1' WHERE option_name='version' AND module_name='fmFirewall';

I'll continue working on a fix for the next release.

Owner

@WillyXJ WillyXJ commented Apr 19, 2017

A fix for the upgrade process has been committed and will be included in the next release.

Owner

@WillyXJ WillyXJ commented Jun 23, 2017

This is now included in 3.0 and later.

@WillyXJ WillyXJ closed this Jun 23, 2017