Project

General

Profile

Anomalie #2261

Nom de domaine dans 00_web_mail.fw

Added by Joël Cuissinat almost 9 years ago. Updated about 8 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Category:
-
Start date:
10/19/2011
Due date:
% Done:

100%

Estimated time:
0.75 h
Spent time:
Distribution:
EOLE 2.3

Description

On pourrait utiliser "%%is_ip(%%passerelle_smtp)" comme dans le template "hosts" mais dans ce cas la règle serait toujours manquante !

 * Starting firewall: bastioniptables v1.4.4: host/network `smtp.ac-dijon.fr' not found
Try `iptables -h' or 'iptables --help' for more information.

Related issues

Related to conf-amonecole - Evolution #2052: Elements manquants pour AmonHorus Fermé 09/12/2011
Related to eole-exim - Anomalie #2066: Le conteneur ne peut pas envoyer de mail Fermé 09/15/2011

Associated revisions

Revision 5f7af986 (diff)
Added by exarkun almost 13 years ago

Merge newcallstack-segfault-2261

Author: exarkun
Reviewer: glyph
Fixes #2261

Work around a Spidermonkey bug which results in a SIGSEGV by
closing over a variable instead of having it as a local in a
function with an attribute of the same name.

JavaScript test suite now runs to completion with the Dapper
version of Spidermonkey.

Revision b62fae5e (diff)
Added by Jelmer Vernooij almost 13 years ago

r5915: Remove --with-manpages-languages= from configure (we only have them in one
lanuage, English, at the moment). Fixes #2261. If other languages
might are added in the future, this parameter will still not be needed.
(This used to be commit d41e790b4ba96b42ae80f51925a86a3344d3fd39)

Revision f0fd69bf (diff)
Added by Joël Cuissinat about 8 years ago

  • static_rules.sh : autorisation des retours, notamment pour les requêtes DNS
    Fixes #2261 @15m

Revision 72cddf93 (diff)
Added by Alexandre Delaunay about 3 years ago

don't cancel notification for reopen ticket

fix #2261

Revision f07fe997 (diff)
Added by Alexandre Delaunay about 3 years ago

don't cancel notification for reopen ticket

fix #2261

History

#1 Updated by Joël Cuissinat almost 9 years ago

  • Assigned To changed from Fabrice Barconnière to Daniel Dehennin

#2 Updated by Daniel Dehennin almost 9 years ago

Sur ma machine du réseau EOLE :

dad@nidhogg:~ $ sudo iptables -A INPUT -p tcp -s zion.baby-gnu.org --dport ssh -j ACCEPT
dad@nidhogg:~ $ sudo iptables --line-numbers -v -L
Chain INPUT (policy ACCEPT 72 packets, 17576 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  any    any     zion.baby-gnu.org    anywhere             tcp dpt:ssh

Il faut que le DNS soit autorsié lors l’exécution des commandes iptables.

Il pourrait être intéressant de faire :

  1. Mise en place des autorisations pour une liste blanche (afin de toujours pouvoir faire un SSH ou des résolutions DNS)
  2. Politique par défaut à DROP
  3. Mise en place des règles

#3 Updated by Daniel Dehennin almost 9 years ago

  • Assigned To changed from Daniel Dehennin to Emmanuel GARETTE

eole-firewall va être réécrit.

#4 Updated by Joël Cuissinat over 8 years ago

  • Target version changed from Mises à jour 2.3 - 03 RC to Mises à jour 2.3.4 RC

#5 Updated by Daniel Dehennin over 8 years ago

  • Status changed from Nouveau to En attente d'informations

Une option serait d’autoriser le DNS dans /usr/share/eole/bastion/data/static_rules.sh afin que les requêtes DNS fonctionnent.

Ça n’impacte aucun module officiel sauf :

  • horus en mode conteneur
  • eolebase en mode conteneur + eole-web

On repousse à la prochaine ?

#6 Updated by Joël Cuissinat over 8 years ago

  • Project changed from conf-scribe to eole-web

#7 Updated by Joël Cuissinat over 8 years ago

  • Target version changed from Mises à jour 2.3.4 RC to Mises à jour 2.3.5 RC

#8 Updated by Joël Cuissinat about 8 years ago

  • Status changed from En attente d'informations to Accepté
  • Assigned To changed from Emmanuel GARETTE to Joël Cuissinat

#9 Updated by Joël Cuissinat about 8 years ago

  • Project changed from eole-web to ERA

#10 Updated by Joël Cuissinat about 8 years ago

  • Status changed from Accepté to Résolu
  • % Done changed from 0 to 100

#11 Updated by Joël Cuissinat about 8 years ago

Correction équivalente pour eole-firewall appliquée par :
eole-common:fa670799

#12 Updated by Daniel Dehennin about 8 years ago

  • Status changed from Résolu to Fermé

Testé sur scribe à jour en -proposed

Also available in: Atom PDF