Project

General

Profile

Tâche #12175

Distribution EOLE - Scénario #15923: Corriger les problèmes identifiés sur Hâpy

Regles de Firewall non executées dans le Hook eole/graphicsfw

Added by Christophe LEON over 6 years ago. Updated over 5 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
06/24/2015
Due date:
% Done:

100%

Estimated time:
1.00 h
Spent time:
Remaining (hours):
0.0

Description

Les règles de firewall pour l'ouverture du port VNC sont bien ajoutées dans les règles iptables sauf qu'elles interviennent après un DROP
En cause peut être la règle iptables avec un -A au lieu d'un -I pour l'ajouter au début de la chaine eth0-root

Exemple : iptables -L eth0-root

ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP all -- anywhere anywhere # <=
ACCEPT tcp -- 195.98.231.128/25 anywhere tcp dpt:6900flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- one.lp-jperrin.lan anywhere tcp dpt:6900flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- 193.253.112.149 anywhere tcp dpt:6900flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- one.lp-jperrin.lan anywhere tcp dpt:6900flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- nat-assistance.ac-reunion.fr anywhere tcp dpt:6900flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- one.lp-jperrin.lan anywhere tcp dpt:6900flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- 195.98.231.128/25 anywhere tcp dpt:6940flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- one.lp-jperrin.lan anywhere tcp dpt:6940flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- 193.253.112.149 anywhere tcp dpt:6940flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- one.lp-jperrin.lan anywhere tcp dpt:6940flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- nat-assistance.ac-reunion.fr anywhere tcp dpt:6940flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- one.lp-jperrin.lan anywhere tcp dpt:6940flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- one.lp-jperrin.lan anywhere tcp dpt:6910flags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- 195.98.231.128/25 anywhere tcp dpt:6900flags: FIN,SYN,RST,ACK/SYN

Associated revisions

Revision 7c0a6e60 (diff)
Added by Klaas TJEBBES over 5 years ago

hooks/graphicsfw : correction des règles iptables REF #12175 @1h

History

#1 Updated by Joël Cuissinat over 5 years ago

  • Estimated time set to 1.00 h
  • Parent task set to #15923

Corriger la règle iptable dans template

#2 Updated by Gilles Grandgérard over 5 years ago

  • Remaining (hours) set to 1.0

#3 Updated by Klaas TJEBBES over 5 years ago

  • Status changed from Nouveau to En cours
  • Assigned To set to Klaas TJEBBES
  • % Done changed from 0 to 100
  • Remaining (hours) changed from 1.0 to 0.15

#4 Updated by Scrum Master over 5 years ago

  • Status changed from En cours to Résolu

#5 Updated by Joël Cuissinat over 5 years ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) changed from 0.15 to 0.0

Also available in: Atom PDF