Date: Tue, 29 Sep 2020 01:01:00 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 249972] Trusted hosts on rc.firewall are only trusted in one direction
Message-ID: <bug-249972-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249972

            Bug ID: 249972
           Summary: Trusted hosts on rc.firewall are only trusted in one
                    direction
           Product: Base System
           Version: 12.1-RELEASE
          Hardware: i386
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: conf
          Assignee: bugs@FreeBSD.org
          Reporter: archit.shah@gmail.com

I attempted to configure an IPSec transport mode connection between a host and
a trusted peer (e.g. 10.0.1.2) using the "workstation" mode ipfw firewall. The
firewall appears not to have allowed outgoing packets. The following diff
addresses the specific test case I had and appears to be consistent with the
concept of a trusted peer.

> diff /etc/rc.firewall /tmp/rc.firewall.diff
516c516
< ${fwcmd} add pass ip from $i to me
---
> ${fwcmd} add pass ip from $i to me keep-state :default

Alternatively, a second rule per trusted peer could be added to pass packets to
the peer ("${fwcmd} add pass ip from me to $i").

Configuration example below:

firewall_enable="YES"
firewall_type="workstation"
firewall_myservices="22,80,443/tcp"
firewall_allowservices="0.0.0.0/0"
firewall_trusted="10.0.1.2 10.3.4.5 10.6.7.8"

-- 
You are receiving this mail because:
You are the assignee for the bug.
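Review bot: in the 516c516 hunk, `keep-state :default` only creates a dynamic entry after a packet from the trusted peer to this host has already matched the rule, so traffic this host initiates toward the peer (an IKE exchange, the first ESP packet, a connection opened locally) still has no rule to pass it, and the trust stays one-directional for host-originated traffic; for a protocol other than TCP or UDP, such as ESP, the entry also expires on ipfw's short dynamic-rule lifetime (net.inet.ip.fw.dyn_short_lifetime) unless inbound packets keep refreshing it. The second alternative mentioned in the report, a stateless `${fwcmd} add pass ip from me to $i` emitted in the same loop next to the existing `${fwcmd} add pass ip from $i to me`, passes both directions unconditionally and is the change that actually matches "trusted host" semantics; it also avoids the `:default` state-name suffix, which ipfw builds without named dynamic states reject. Whichever form is taken, the firewall_trusted description in rc.conf(5) should be updated to state that trusted hosts are passed in both directions.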
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-249972-227>
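To make the two-rule alternative concrete, here is an added sh fragment (not rc.firewall's own code, and not part of the report) that mirrors the shape of rc.firewall's per-peer loop, emits the one-directional and the bidirectional rule sets for the reporter's firewall_trusted list, and checks that every peer appears as both source and destination. `fwcmd` defaults to `echo` so the rules are printed instead of installed; the function names and the check are assumptions for illustration only.

```shell
#!/bin/sh
# Added example, not rc.firewall's own code. fwcmd defaults to echo so rules
# are printed rather than applied; set fwcmd=/sbin/ipfw to install them.
fwcmd="${fwcmd:-echo}"

# Shape of the current rc.firewall loop: one rule per peer, peer -> me only.
trusted_rules_oneway() {
    for i in "$@"; do
        ${fwcmd} add pass ip from "$i" to me
    done
}

# Bidirectional form: a stateless rule in each direction per peer, so traffic
# this host initiates toward the peer (IKE, ESP, anything) is passed without
# depending on a dynamic state created by the peer's inbound packet.
trusted_rules_bidir() {
    for i in "$@"; do
        ${fwcmd} add pass ip from "$i" to me
        ${fwcmd} add pass ip from me to "$i"
    done
}

# Given a generated rule list and the peer list, return 0 if every peer has a
# pass rule as source and as destination, 1 otherwise (hypothetical check).
check_bidirectional() {
    rules="$1"; shift
    for i in "$@"; do
        printf '%s\n' "$rules" | grep -qF "from $i to me" || return 1
        printf '%s\n' "$rules" | grep -qF "from me to $i" || return 1
    done
    return 0
}

# Constructed input: the firewall_trusted value from the report.
TRUSTED="10.0.1.2 10.3.4.5 10.6.7.8"

# Dry run: print both rule sets for comparison.
trusted_rules_oneway $TRUSTED
trusted_rules_bidir $TRUSTED
```

With `fwcmd=echo` the one-way set fails `check_bidirectional` and the two-rule set passes it, which is the property the bug report is asking for.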
