[BUG] INPUT is permitted even if DROP exists
postmaster
Mon Feb 12 18:34:17 CET 2007
Sameh Attia wrote:
> I agree with you that Linux does not forward between INPUTs. So, it should
> be implemented by FIAIF itself.
> What about expanding the destination 0.0.0.0/0 to the actual zone's network
> range with the proper permission as per the rules?
The problem is that these permissions are too strict, as the user can then
only communicate with the firewall using the IP number within the zone
definition. In my setup, the firewall runs different services on
different IP numbers.
Another solution would be to emulate the true forwarding system, but this
is FIAIF2 stuff. FIAIF2 will have a "local" zone, so FORWARD rules
apply as they should have in the current version of FIAIF.
Regards
Anders