Anomalie #7789: ping autorisé sur tous les modules eole-firewall - eole-common - Ensemble Ouvert Libre Évolutif

Anomalie #7789

ping autorisé sur tous les modules eole-firewall

Added by Emmanuel GARETTE over 8 years ago. Updated over 8 years ago.

Status:

Fermé

Priority:

Normal

Assigned To:

Emmanuel GARETTE

Category:

Target version:

Distribution EOLE - Eole 2.4-RC3

Start date:

Due date:

04/04/2014

% Done:

100%

Spent time:

1.00 h

Distribution:

EOLE 2.4

Description

Aujourd'hui le ping est autorisé sur tous les modules depuis : eole-common:415b6dbf38f332d3e5fc844fd0f528693676dc3c

Il faudrait l'autorisé que sur demande.

Related issues

Associated revisions

Revision 68234252 (diff)
Added by Emmanuel GARETTE over 8 years ago

ajout de la variable restrict_ping_request pour autoriser le ping uniquement pour les ip_admins (fixes #7789 @1h)

Revision 789697dc (diff)
Added by Emmanuel GARETTE over 8 years ago

restrict_ping_request caché si era (ref #7789)

History

#1 Updated by Emmanuel GARETTE over 8 years ago

Status changed from Nouveau to Résolu
% Done changed from 0 to 100

Appliqué par commit 6823425236e871b94fe250ee43394b83eac7e677.

#2 Updated by Emmanuel GARETTE over 8 years ago

root@scribe:~# CreoleGet activer_firewall
oui
root@scribe:~# CreoleGet restrict_ping_request
non
root@scribe:~# CreoleSet activer_firewall non
root@scribe:~# CreoleGet restrict_ping_request
root - Creole error 1: trying to access to an option named: restrict_ping_request with properties ['disabled']
root@scribe:~#

Application des règles :

root@scribe:~# CreoleGet .creole.interface_0.ip_admin_eth0
{u'netmask_admin_eth0': [u'255.255.255.255'], u'ip_admin_eth0': [u'192.168.230.197']}
root@scribe:~# CreoleGet restrict_ping_request
oui
root@scribe:~# iptables-save |grep "icmp-type 8" 
-A eth0-root -s 192.168.230.197/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
root@scribe:~# CreoleSet restrict_ping_request non
root@scribe:~# CreoleCat -t 40-icmp_static_rules
root@scribe:~# /etc/init.d/bastion restart
root - Unknown variable install_rvp
 * Stopping firewall: bastion                                                                                                                          [ OK ] 
 * Starting firewall: bastionrun-parts: executing /usr/share/eole/bastion/data//00-static_rules
run-parts: executing /usr/share/eole/bastion/data//10-chain_static_rules
run-parts: executing /usr/share/eole/bastion/data//11-proftpd
run-parts: executing /usr/share/eole/bastion/data//40-icmp_static_rules
run-parts: executing /usr/share/eole/bastion/data//50-nat_rules
run-parts: executing /usr/share/eole/bastion/data//99-end_static_rules
                                                                                                                                                       [ OK ]
root@scribe:~# iptables-save |grep "icmp-type 8" 
-A eth0-root -p icmp -m icmp --icmp-type 8 -j ACCEPT

root@amon:~# CreoleGet restrict_ping_request
oui

#3 Updated by Emmanuel GARETTE over 8 years ago

Due date set to 04/04/2014
Status changed from Résolu to Fermé

Also available in: Atom PDF

Project

General

Profile

Distribution EOLE » Commun » eole-common

Issues

Custom queries