
#240 Bug with interface+vlan+dynamic address selected

open
nobody
None
5
2012-09-24
2012-09-24
Niumar
No

If an interface is configured with vlan and with dynamic address, no input/output rules are built, only forward ones. Just changing from dynamic to static address it works right.

Example:

Rule:
<src = eth1.1> <dst = any> <service = any> <interface = eth1.1> <direction = output> <action = accept>

Result with dynamic address:

for i_eth1_1 in $i_eth1_1_list
do
test -n "$i_eth1_1" && $IPTABLES -A FORWARD -o eth1.1 -p udp -m udp -s $i_eth1_1 -m state --state NEW -j ACCEPT
done

Result with static IP address:

$IPTABLES -A OUTPUT -o eth1.1 -p udp -m udp -s 1.1.1.1 -m state --state NEW -j ACCEPT

PS. "Assume firewall is a part of 'any'" is not selected.
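A check for the symptom reported above, as an added example that is not part of the original report or of the tool that generated the script: packets sent from the firewall's own address traverse OUTPUT and never FORWARD, so a FORWARD rule that matches the interface's run-time address variable has no effect on them. The function name count_misplaced is hypothetical, the variable naming (eth1.1 becomes $i_eth1_1) is taken from the quoted output, and both sample scripts are constructed from the lines in the report.

```shell
#!/bin/sh
# Constructed samples: the two results quoted in the report, wrapped lines joined.
dynamic_script='for i_eth1_1 in $i_eth1_1_list
do
test -n "$i_eth1_1" && $IPTABLES -A FORWARD -o eth1.1 -p udp -m udp -s $i_eth1_1 -m state --state NEW -j ACCEPT
done'
static_script='$IPTABLES -A OUTPUT -o eth1.1 -p udp -m udp -s 1.1.1.1 -m state --state NEW -j ACCEPT'

# Read a generated script on stdin and print how many FORWARD rules match the
# firewall's own run-time address on IFACE as source (-s) or destination (-d).
# Such rules belong in OUTPUT or INPUT respectively.
count_misplaced() {   # usage: count_misplaced IFACE < generated_script
    # Assumption from the quoted output: non-alphanumerics in the interface
    # name become "_" in the shell variable, so eth1.1 -> $i_eth1_1.
    var="\$i_$(printf '%s' "$1" | tr -c 'A-Za-z0-9' '_')"
    awk -v var="$var" '
        {
            chain = ""; own = 0
            for (n = 1; n < NF; n++) {
                if ($n == "-A") chain = $(n + 1)            # chain the rule is appended to
                if (($n == "-s" || $n == "-d") && $(n + 1) == var) own = 1
            }
            if (chain == "FORWARD" && own) bad++
        }
        END { print bad + 0 }'
}

printf 'dynamic address: %s misplaced rule(s)\n' \
    "$(printf '%s\n' "$dynamic_script" | count_misplaced eth1.1)"
printf 'static address:  %s misplaced rule(s)\n' \
    "$(printf '%s\n' "$static_script" | count_misplaced eth1.1)"
```

A non-zero count on a compiled policy means the firewall's own traffic on that interface is not covered by the rule as written.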

Discussion