https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249972
Bug ID: 249972
Summary: Trusted hosts on rc.firewall are only trusted in one direction
Product: Base System
Version: 12.1-RELEASE
Hardware: i386
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: conf
Assignee: [email protected]
Reporter: [email protected]
I attempted to configure an IPSec transport mode connection between a host and
a trusted peer (e.g. 10.0.1.2) using the "workstation" mode ipfw firewall. The
firewall appears not to have allowed outgoing packets. The following diff
addresses the specific test case I had and appears to be consistent with the
concept of a trusted peer.
> diff /etc/rc.firewall /tmp/rc.firewall.diff
516c516
< ${fwcmd} add pass ip from $i to me
---
> ${fwcmd} add pass ip from $i to me keep-state :default
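Review bot: the keep-state variant on line 516 only creates dynamic state when a packet from $i arrives first, so traffic that this host initiates toward the trusted peer (the first ESP packet sent from "me" in the IPsec transport case described above, which matches none of the existing tcp/udp/icmp "from me to any ... keep-state" rules) still has no rule to pass it until the peer has sent something. If the intent is "full access in both directions", the explicit reverse rule named as the alternative (`${fwcmd} add pass ip from me to $i`) is the more robust fix; keep-state can be added on top of it but should not replace it. Also worth noting in the patch description that the `:default` state name requires the named-dynamic-state ipfw of 12.x, which is fine for 12.1-RELEASE but would not apply to older branches.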
Alternatively, a second rule per trusted peer could be added to pass packets to
the peer ("${fwcmd} add pass ip from me to $i").
Configuration example below:
firewall_enable="YES"
firewall_type="workstation"
firewall_myservices="22,80,443/tcp"
firewall_allowservices="0.0.0.0/0"
firewall_trusted="10.0.1.2 10.3.4.5 10.6.7.8"
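As an added audit check (not part of the bug report or of rc.firewall itself), the following POSIX sh function walks a list of trusted hosts against an `ipfw list`-style rule dump and reports any host that is passed inbound only, i.e. has neither a keep-state rule nor an explicit "from me to host" rule. The rule listing and rule numbers below are constructed sample data for the example.

```shell
#!/bin/sh
# Constructed sample of "ipfw list" output for a workstation-mode rule set
# where one trusted host (10.0.1.2) is passed inbound only, one (10.3.4.5)
# has the keep-state fix, and one (10.6.7.8) has the explicit reverse rule.
SAMPLE_RULES='00100 allow ip from any to any via lo0
00500 allow ip from 10.0.1.2 to me
00510 allow ip from 10.3.4.5 to me keep-state :default
00520 allow ip from 10.6.7.8 to me
00530 allow ip from me to 10.6.7.8
65535 deny ip from any to any'

# audit_trusted HOSTS RULES
# Prints (space separated) every host in HOSTS whose rules in RULES pass
# traffic only from the host to "me". Returns 0 when every host is covered
# in both directions, 1 otherwise.
audit_trusted() {
    hosts=$1
    rules=$2
    missing=""
    for h in $hosts; do
        # Count rules that build state for the peer and rules that pass
        # traffic from this host back to the peer (fixed-string matches).
        stateful=$(printf '%s\n' "$rules" | grep -Fc "from $h to me keep-state" || true)
        reverse=$(printf '%s\n' "$rules" | grep -Fc "from me to $h" || true)
        if [ "$stateful" -eq 0 ] && [ "$reverse" -eq 0 ]; then
            missing="$missing $h"
        fi
    done
    missing=${missing# }
    [ -n "$missing" ] && printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# On a live host the second argument would be "$(ipfw list)" and the first
# the firewall_trusted value from rc.conf.
audit_trusted "10.0.1.2 10.3.4.5 10.6.7.8" "$SAMPLE_RULES" \
    || echo "trusted hosts listed above are passed in one direction only"
```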