#273 changing "Host OS settings" in a fw invalidates ALL fw's

open
Vadim Kurland
None
5
2010-08-12
2010-08-12
Michael Monnerie
No

I have several firewalls, go into one and change "Host OS Settings" -> conntrack HASH table, and ALL firewalls' rules are marked as "must be recompiled and reinstalled". Changing the OS settings of one firewall shouldn't really influence others, I believe.

Discussion

  • Vadim Kurland
    2010-08-12

    • assigned_to: nobody --> vkurland
     
  • Vadim Kurland
    2010-08-12

    This may happen if all other firewalls use the firewall object you've changed or one of its children in their rules. Please check if this is the case.

     
  • That's the case. But why does another firewall have to be recompiled & reinstalled when I change some host OS settings? The rules there do not change because my hash table size changes, or I switch off "accept ICMP redirect" or whatever. Even when I change a rule, other firewalls don't get changed. So why is it with host OS settings?

     
  • Vadim Kurland
    2010-08-13

    The current implementation does not differentiate changes that may affect rules of other firewalls from those that don't. I'll add this to the list of feature requests for future development.