Bug #3052

VPN: missing firewall policy

Added by Giacomo Sanchietti over 6 years ago. Updated over 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:<multiple packages>
Target version:v6.6
Security class: Resolution:
Affected version:v6.5 NEEDINFO:No

Description

Following policies are missing for ivpn and ovpn zones:
  • ivpn to firewall (ivpn $FW ACCEPT)
  • ivpn to blue and orange
  • ovpn to blue and orange

Associated revisions

Revision 491f4fa6
Added by Giacomo Sanchietti over 6 years ago

shorewall: add policy for built-in zones. Refs #3052

Revision 95bee293
Added by Giacomo Sanchietti over 6 years ago

shorewall: add missing ivpn2fw policy. Refs #3052

Revision c4f863d8
Added by Giacomo Sanchietti over 6 years ago

shorewall: add policy for built-in zones. Refs #3052

History

#1 Updated by Giacomo Sanchietti over 6 years ago

  • Category set to <multiple packages>
  • Status changed from NEW to TRIAGED
  • Target version set to v6.6
  • % Done changed from 0 to 20
  • Affected version set to v6.5

#2 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70
Packages in nethserver-testing:
  • nethserver-openvpn-1.1.2-1.9.gac620ff.ns6.noarch.rpm
  • nethserver-ipsec-1.0.2-1.4.g66dbee5.ns6.noarch.rpm
Test case 1
  • Check the following rule is present in /etc/shorewall/policy
    ivpn $FW ACCEPT
    
Test case 2
  • Configure an interface in blue zone
  • Check corresponding policies for ivpn, lvpn and ovpn zones are created
Test case 3
  • Configure an interface in orange zone
  • Check corresponding policies for ivpn, lvpn and ovpn zones are created

#5 Updated by Davide Marini over 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

#6 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-base:
  • nethserver-openvpn-1.2.0-1.ns6.noarch.rpm
  • nethserver-ipsec-1.0.3-1.ns6.noarch.rpm

Also available in: Atom PDF