Bug #7789

ping allowed on all modules eole-firewall

Added by Emmanuel GARETTE over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assigned To:
Category:
-
Start date:
Due date:
04/04/2014
% Done:

100%

Spent time:
Distribution:
EOLE 2.4

Description

Ping is currently allowed on all modules, since: eole-common:415b6dbf38f332d3e5fc844fd0f528693676dc3c

It should be allowed only on request.


Related issues

Related to eole-fichier - Bug #7774: eole-firewall rules not carried over to 2.4 Closed 04/04/2014

Associated revisions

Revision 68234252 (diff)
Added by Emmanuel GARETTE over 7 years ago

add the restrict_ping_request variable to allow ping only for the ip_admins (fixes #7789 @1h)

Revision 789697dc (diff)
Added by Emmanuel GARETTE over 7 years ago

restrict_ping_request hidden if era (ref #7789)

History

#1 Updated by Emmanuel GARETTE over 7 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Emmanuel GARETTE over 7 years ago

root@scribe:~# CreoleGet activer_firewall
oui
root@scribe:~# CreoleGet restrict_ping_request
non
root@scribe:~# CreoleSet activer_firewall non
root@scribe:~# CreoleGet restrict_ping_request
root - Creole error 1: trying to access to an option named: restrict_ping_request with properties ['disabled']
root@scribe:~# 

Applying the rules:

root@scribe:~# CreoleGet .creole.interface_0.ip_admin_eth0
{u'netmask_admin_eth0': [u'255.255.255.255'], u'ip_admin_eth0': [u'192.168.230.197']}
root@scribe:~# CreoleGet restrict_ping_request
oui
root@scribe:~# iptables-save |grep "icmp-type 8" 
-A eth0-root -s 192.168.230.197/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
root@scribe:~# CreoleSet restrict_ping_request non
root@scribe:~# CreoleCat -t 40-icmp_static_rules
root@scribe:~# /etc/init.d/bastion restart
root - Unknown variable install_rvp
 * Stopping firewall: bastion                                                                                                                          [ OK ] 
 * Starting firewall: bastionrun-parts: executing /usr/share/eole/bastion/data//00-static_rules
run-parts: executing /usr/share/eole/bastion/data//10-chain_static_rules
run-parts: executing /usr/share/eole/bastion/data//11-proftpd
run-parts: executing /usr/share/eole/bastion/data//40-icmp_static_rules
run-parts: executing /usr/share/eole/bastion/data//50-nat_rules
run-parts: executing /usr/share/eole/bastion/data//99-end_static_rules
                                                                                                                                                       [ OK ]
root@scribe:~# iptables-save |grep "icmp-type 8" 
-A eth0-root -p icmp -m icmp --icmp-type 8 -j ACCEPT
root@amon:~# CreoleGet restrict_ping_request
oui

#3 Updated by Emmanuel GARETTE over 7 years ago

  • Due date set to 04/04/2014
  • Status changed from Resolved to Closed
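
An added example, not part of the original ticket or of EOLE's code: a shell function that reads iptables-save output and reports every ICMP echo-request ACCEPT rule that is not limited to a listed admin source, which is the check done by eye in comment #2. The function name audit_ping_rules and the exact-string comparison of source CIDRs are assumptions of this example; the two sample rules are the lines shown in comment #2.

```shell
#!/bin/sh
# Added example: audit iptables-save output for ICMP echo-request (type 8)
# ACCEPT rules that are not restricted to an admin source address.

# audit_ping_rules ADMIN_CIDRS   (hypothetical helper, not an EOLE command)
# Reads iptables-save output on stdin. ADMIN_CIDRS is a space-separated list
# of allowed sources written exactly as iptables-save prints them
# (for example "192.168.230.197/32"). Prints each offending rule and
# returns 1 if any is found, 0 otherwise.
audit_ping_rules() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Only ACCEPT rules that match ICMP echo-request are of interest.
        /^-A / && /--icmp-type (8|echo-request) / && /-j ACCEPT/ {
            src = ""
            for (i = 1; i < NF; i++)
                if ($i == "-s" || $i == "--source") src = $(i + 1)
            # No -s at all means any host may ping; a negated source
            # ("! -s x") also leaves the rule open to everyone else.
            if (src == "" || !(src in ok) || $0 ~ /! (-s|--source) /) {
                print "UNRESTRICTED: " $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Sample input: the two rule lines from comment #2 (restrict_ping_request
# set to oui, then to non).
SAMPLE_RESTRICTED='-A eth0-root -s 192.168.230.197/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT'
SAMPLE_OPEN='-A eth0-root -p icmp -m icmp --icmp-type 8 -j ACCEPT'

for rules in "$SAMPLE_RESTRICTED" "$SAMPLE_OPEN"; do
    if printf '%s\n' "$rules" | audit_ping_rules "192.168.230.197/32"; then
        echo "ok: echo-request limited to admin sources"
    fi
done
```

On a live host the input would come from iptables-save piped into the function. A rule that accepts all ICMP without an --icmp-type match is outside what this check looks at.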
