#22674: iptables bug
----------------------+-----------------------------------
Reporter: mcfly9 | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone:
Component: packages | Version: Barrier Breaker 14.07
Keywords: |
----------------------+-----------------------------------
I have defined a zone:
{{{
config zone
	option name 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option network 'guest'
}}}
I have set up forwarding:
{{{
config forwarding
	option src 'guest'
	option dest 'wan'
}}}
The following forwarding rules are generated:
{{{
Chain zone_guest_forward (1 references)
 pkts bytes target                  prot opt in   out  source    destination
  277 18221 forwarding_guest_rule   all  --  any  any  anywhere  anywhere  /* user chain for forwarding */
  277 18221 zone_wan_dest_ACCEPT    all  --  any  any  anywhere  anywhere  /* forwarding guest -> wan */
    0     0 ACCEPT                  all  --  any  any  anywhere  anywhere  ctstate DNAT /* Accept port forwards */
   10   654 zone_guest_dest_REJECT  all  --  any  any  anywhere  anywhere
}}}
I would expect the zone guest to not forward any packets to zones other
than wan (e.g. lan) because the default behaviour is set to REJECT. The
zone rules, though, allow these packets through because the last rule's
destination condition is never met (packets come from guest; they do not
go to guest).
Proposed fix: change the last rule to **src**_REJECT instead of
**dest**_REJECT.
--
Ticket URL: <https://dev.openwrt.org/ticket/22674>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
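The chain traversal discussed in the ticket, as an added example that is not part of the original report or of OpenWrt's code: a small model of zone_guest_forward that returns the verdict for a packet arriving from guest, with the reported rule set and with the proposed src_REJECT variant. Interface names and the contents of the sub-chains (zone_wan_dest_ACCEPT matching the wan output interface, zone_guest_dest_REJECT matching the guest output interface, zone_guest_src_REJECT matching the guest input interface) are assumptions; a result of None means the packet returns to the calling chain, whose rules and policy are not shown in the ticket.

```python
# Constructed model of the chains listed in the ticket. Interface names and
# the contents of the per-zone sub-chains are assumptions, not ticket data.
IFACE = {"guest": "br-guest", "lan": "br-lan", "wan": "eth0.2"}
VERDICTS = {"ACCEPT", "REJECT", "DROP"}

# Each rule is (match, target); an empty match applies to every packet.
REPORTED = {
    "zone_guest_forward": [
        ({}, "forwarding_guest_rule"),       # user chain, empty here
        ({}, "zone_wan_dest_ACCEPT"),        # forwarding guest -> wan
        ({"ctstate": "DNAT"}, "ACCEPT"),     # accept port forwards
        ({}, "zone_guest_dest_REJECT"),      # last rule in the listing
    ],
    "forwarding_guest_rule": [],
    "zone_wan_dest_ACCEPT": [({"out": IFACE["wan"]}, "ACCEPT")],
    "zone_guest_dest_REJECT": [({"out": IFACE["guest"]}, "REJECT")],
}

def proposed(chains):
    """Copy of the rule set with the last rule swapped for a src_REJECT chain."""
    fixed = dict(chains)
    fixed["zone_guest_forward"] = chains["zone_guest_forward"][:-1] + [
        ({}, "zone_guest_src_REJECT")]
    fixed["zone_guest_src_REJECT"] = [({"in": IFACE["guest"]}, "REJECT")]
    return fixed

def traverse(chains, chain, pkt):
    """Return the first terminating verdict, or None when the packet falls
    off the end of the chain and returns to the caller."""
    for match, target in chains[chain]:
        if any(pkt.get(k) != v for k, v in match.items()):
            continue                          # rule does not match this packet
        if target in VERDICTS:
            return target
        verdict = traverse(chains, target, pkt)
        if verdict is not None:
            return verdict
    return None

def forward_verdict(chains, dst_zone, ctstate="NEW"):
    """Verdict of zone_guest_forward for a packet arriving from guest."""
    pkt = {"in": IFACE["guest"], "out": IFACE[dst_zone], "ctstate": ctstate}
    return traverse(chains, "zone_guest_forward", pkt)

if __name__ == "__main__":
    for name, chains in (("reported", REPORTED), ("proposed", proposed(REPORTED))):
        for dst in ("wan", "lan", "guest"):
            print(f"{name:9} guest -> {dst:5} {forward_verdict(chains, dst)}")
```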