#25 cannot unblock non-routable networks

open
nobody
None
5
2004-12-08
2004-12-08
Anonymous
No

This is for firestarter 1.0.0. Running on
Mandrakelinux 10.1, but that's inconsequential in this
case.

My computer is on the subnet 192.168.10.0/24, and I see
a rule is automatically added to allow that subnet
through - ahead of the NR chain rule, by which
otherwise it'd be dropped.

However, I cannot unblock any other 192.168.x.x
network, because the NR blocking rule takes precedence
over any 'inbound' rules.

I think the fix is to add the inbound chain to the
INPUT filter ahead of the NR chain, not after it.
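The ordering problem described in this report can be shown with a small first-match model of the INPUT chain. This is an added example written for this page, not firestarter's own code or ruleset: the chain names follow the report, the subnets come from the report and the comment below, and the set of "non-routable" ranges the NR chain drops is an assumption (the RFC 1918 private ranges). Each chain returns a verdict or `None` (no match, fall through to the next rule), which is how iptables walks a jump into a user chain that ends without a verdict.

```python
from ipaddress import ip_address, ip_network

# Subnets taken from the bug report and the follow-up comment.
LOCAL_SUBNET = ip_network("192.168.10.0/24")        # the reporter's own subnet
ALLOWED_HOSTS = [ip_network("10.1.1.0/24")]         # 'Allow connections from host' entry

# Assumption: the NR chain drops the RFC 1918 private ranges.
NON_ROUTABLE = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


def local_subnet_rule(src):
    """Rule firestarter adds automatically for the host's own subnet."""
    return "ACCEPT" if src in LOCAL_SUBNET else None


def nr_chain(src):
    """NR chain: drop traffic from any non-routable source, else fall through."""
    return "DROP" if any(src in net for net in NON_ROUTABLE) else None


def inbound_chain(src):
    """Inbound chain: accept sources the user explicitly allowed, else fall through."""
    return "ACCEPT" if any(src in net for net in ALLOWED_HOSTS) else None


def evaluate(src, chains, policy="DROP"):
    """First-match evaluation of an INPUT chain: the first verdict wins,
    and a packet that matches nothing gets the chain policy."""
    addr = ip_address(src)
    for chain in chains:
        verdict = chain(addr)
        if verdict is not None:
            return verdict
    return policy


# Order as the report describes it: NR chain ahead of the inbound chain.
REPORTED_ORDER = [local_subnet_rule, nr_chain, inbound_chain]
# Order the report proposes: inbound chain ahead of the NR chain.
PROPOSED_ORDER = [local_subnet_rule, inbound_chain, nr_chain]


if __name__ == "__main__":
    for src in ("192.168.10.7", "10.1.1.5", "192.168.50.7", "203.0.113.9"):
        print(src, "reported:", evaluate(src, REPORTED_ORDER),
              "proposed:", evaluate(src, PROPOSED_ORDER))
```

With the reported order, a host in the allowed 10.1.1.0/24 subnet is dropped by the NR chain before the inbound chain is ever consulted; with the inbound chain moved ahead, the same host is accepted while every other private source still hits the NR drop. Note that the reordering only widens what gets past the NR chain to subnets the user has listed explicitly, and that a public source not on the list is still subject to the chain policy in both orders.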

Discussion

  • Logged In: NO

    I can confirm the same behavior with firestarter 1.0.1 on
    debian.

    The rules cause any inbound traffic from 192.168.169.0/24 to
    be accepted, while connections from the other side of our
    WAN (10.1.1.0/24) are being denied. Even if I add the
    10.1.1.0/24 subnet to the 'Allow connections from host'
    list, the subnet still gets blocked.