Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Iptables rules are not getting applied if removed completely #5309

Closed
3 tasks
kushaldas opened this issue Jun 11, 2020 · 3 comments
Closed
3 tasks

Iptables rules are not getting applied if removed completely #5309

kushaldas opened this issue Jun 11, 2020 · 3 comments
Labels
needs/reproducing
Projects
SecureDrop Team Board
Milestone
1.5.0

Comments

@kushaldas
Copy link
Contributor

kushaldas commented Jun 11, 2020
edited

Description

Steps to Reproduce

  • On app run iptables -F
  • ./securedrop-admin install on tails again
  • reboot app

Expected Behavior

  • The rules should come back on app

Actual Behavior

  • No rules even after reboot via iptables -L

Comments

Suggestions to fix, any other relevant information.
@conorsch
Copy link
Contributor

conorsch commented Jun 15, 2020
edited

Cannot reproduce. I tested using staging VMs in Qubes, running the following commands on app-staging:

# updating input policy to avoid breaking ssh session during flush
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -X
sudo iptables -S # to confirm the rules were purged

I then rebooted the app-staging VM, logged in again, and ran sudo iptables -S, which showed that all the rules had been restored. I did not run playbooks against the server as described in the initial report—a reboot was sufficient to reload the rules back to baseline.

@eloquence eloquence added this to the 1.5.0 milestone Jul 1, 2020
@eloquence
Copy link
Member

I suggest we try one more repro during the 1.5.0 QA cycle. Milestoned accordingly.

@eloquence eloquence added this to Near Term - SecureDrop Core in SecureDrop Team Board Jul 6, 2020
@eloquence eloquence moved this from Near Term - SecureDrop Core to Next sprint candidates in SecureDrop Team Board Jul 7, 2020
@eloquence eloquence moved this from Next sprint candidates to SecureDrop Sprint #54 - 7/8-7/22 in SecureDrop Team Board Jul 8, 2020
@zenmonkeykstop zenmonkeykstop mentioned this issue Jul 20, 2020
Closed
18 tasks
@eloquence
Copy link
Member

During 1.5.0 QA, nobody has been able to reproduce, so closing - can reopen if we get a repro.

SecureDrop Team Board automation moved this from SecureDrop Sprint #54 - 7/8-7/22 to Done Jul 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs/reproducing
Projects
No open projects
SecureDrop Team Board
Done
Milestone
1.5.0
Development

No branches or pull requests
3 participants
@eloquence @kushaldas @conorsch