Bug #3170

Custom firewall zones precedence

Added by Filippo Carletti about 6 years ago. Updated about 6 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-firewall-base
Target version: v6.6
Security class:
Resolution:
Affected version: v6.6
NEEDINFO: No

Description

User defined zones should be listed above standard zones in shorewall configuration:
Where a zone is nested in one or more other zones, you may either ensure that the nested zone precedes its parents.

Associated revisions

Revision 998a5603
Added by Giacomo Sanchietti about 6 years ago

zones: precedence to custom zones. Refs #3170

Revision 04436a05
Added by Giacomo Sanchietti about 6 years ago

zones template: cosmetic fix. Refs #3170

History

#1 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.6
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-firewall-base-2.6.0-1.7.g998a560.ns6.noarch.rpm
Test case
  • Check the bug is not reproducible (please add the steps to reproduce)

#5 Updated by Nicola Rauso about 6 years ago

  • Assignee set to Nicola Rauso

#6 Updated by Nicola Rauso about 6 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Nicola Rauso)
  • % Done changed from 70 to 90
Test case
  • Check the bug is not reproducible (please add the steps to reproduce)

Verified: OK

A little aesthetic issue: the new shorewall template fragment, "/etc/e-smith/templates/etc/shorewall/zones/15objects", contains the old name in the initial comment

#
# 50objects
#
{
    use esmith::NetworksDB;
    my $ndb = esmith::NetworksDB->open_ro();

    foreach ($ndb->zones()) {
        my $i = $_->prop('Interface') || "";
        my $n = $_->prop('Network') || "";
        next if ($i eq '' || $n eq '');
        $OUT .= substr($_->key, 0, 5)."     ipv4\n";;
    }
}

To make the "/etc/shorewall/zones" file more readable, the comment should be updated with the new name:

#
# 15objects
#
...

#7 Updated by Nicola Rauso about 6 years ago

Steps to reproduce:

  • create a new "Zone" in the "Firewall Objects" menu
  • check whether, in the Shorewall configuration file "/etc/shorewall/zones", all the entries for custom "Zones" objects (both the already defined ones and the new one created in the previous step) have priority over (that is, come before) the standard zones.
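
The ordering check from the steps above can be scripted; this is an added example, not part of the ticket or of nethserver-firewall-base. The function names, the sample files and the zone names in them are constructed for illustration, and the list of standard zones is passed in by the caller because the ticket does not name them.

```shell
#!/bin/sh
# Added example, not NethServer code. Standard zone names are supplied by the
# caller because the ticket does not list them (assumption).

# check_zone_order FILE STD_ZONE...
# Returns 0 when every custom zone is declared before the first standard zone;
# otherwise prints each late custom zone and returns 1.
check_zone_order() {
    file=$1; shift
    awk -v std="$*" '
        BEGIN { n = split(std, s, " "); for (i = 1; i <= n; i++) is_std[s[i]] = 1 }
        { sub(/#.*/, "") }               # strip comments
        NF < 2 { next }                  # blank or incomplete line
        $2 == "firewall" { next }        # the firewall zone is not a host zone
        {
            zone = $1; sub(/:.*/, "", zone)    # "child:parent" -> "child"
            if (zone in is_std) { seen_std = 1; next }
            if (seen_std) { print "custom zone after standard zone: " zone; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$file"
}

# Constructed sample files; all zone names are illustrative.
make_samples() {
    cat > "$1/good" <<'EOF'
# custom zones first
guest   ipv4
dmz2    ipv4
FW      firewall
loc     ipv4
net     ipv4
EOF
    cat > "$1/bad" <<'EOF'
FW      firewall
loc     ipv4
net     ipv4
guest   ipv4   # declared after the standard zones
EOF
}

# Stand-alone use: sh check_zones.sh /etc/shorewall/zones loc net
if [ $# -ge 2 ]; then check_zone_order "$@"; fi
```
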

#8 Updated by Giacomo Sanchietti about 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-firewall-base-2.6.1-1.ns6.noarch.rpm
