Firewall rules


This topic contains 3 replies, has 0 voices, and was last updated by  oleg 8 years, 5 months ago.

    #42708

    oleg
    Member

    I have a problem logging in to the web interface over HTTPS. I set the INPUT chain to DROP and then allowed HTTPS connections by opening port 443. I can see the login screen, but the login fails. It works fine with the following:
    iptables -A INPUT -p all -j ACCEPT  # means that all services and protocols are allowed to the firewall, which is a bad security policy.

    Any suggestions?

    #51267

    ppalias
    Member

    A login failure doesn't have to do with the firewall. If you can see the login screen, then the firewall is allowing the traffic. However, what may happen is that you see a cached login screen, in which case you cannot tell that it is blocked by the firewall. The best solution is to watch the iptables counters with the command

    iptables -L -v

    to see whether the blocked-packet or the accepted-packet counters rise when you try to connect.

    #51268

    oleg
    Member

    @oleg wrote:

    I have a problem logging in to the web interface over HTTPS. I set the INPUT chain to DROP and then allowed HTTPS connections by opening port 443. I can see the login screen, but the login fails. It works fine with the following:
    iptables -A INPUT -p all -j ACCEPT  # means that all services and protocols are allowed to the firewall, which is a bad security policy.

    Any suggestions?

    Hi

    #51269

    oleg
    Member

    @ppalias wrote:

    A login failure doesn't have to do with the firewall. If you can see the login screen, then the firewall is allowing the traffic. However, what may happen is that you see a cached login screen, in which case you cannot tell that it is blocked by the firewall. The best solution is to watch the iptables counters with the command

    iptables -L -v

    to see whether the blocked-packet or the accepted-packet counters rise when you try to connect.

    Hi,
    Thanks for the reply, but I hope I have found the solution for the login failure.
    I created INPUT and OUTPUT rules to allow the use of services in ZeroShell:
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    The reason for that is the use of the DROP target:
    iptables -F
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    then

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    So hopefully it will help me.
    Anyway, thanks a lot.
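
The counter check ppalias describes, as an added example that is not part of the original thread: this Python code diffs two `iptables -L -v -n -x` listings taken before and after a login attempt and reports which rules and default policies gained packets. The listings are constructed sample data, the function names are hypothetical, and `-n -x` is assumed so that counters print as exact integers.

```python
import re

# Constructed `iptables -L -v -n -x` snapshots (not from the thread), taken
# before and after one login attempt against a default-DROP INPUT chain.
HEADER = "    pkts      bytes target     prot opt in     out     source               destination\n"
BEFORE = (
    "Chain INPUT (policy DROP 3 packets, 180 bytes)\n" + HEADER +
    "      10     1400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443\n"
    "\n"
    "Chain OUTPUT (policy ACCEPT 25 packets, 3000 bytes)\n" + HEADER
)
AFTER = (
    "Chain INPUT (policy DROP 9 packets, 540 bytes)\n" + HEADER +
    "      22     3100 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443\n"
    "\n"
    "Chain OUTPUT (policy ACCEPT 41 packets, 5200 bytes)\n" + HEADER
)

POLICY_RE = re.compile(r"\(policy (\S+) (\d+) packets")

def parse_counters(listing):
    """Return {(chain, label): packets}; label is the policy or '#n <rule>'."""
    counters, chain, n = {}, None, 0
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain, n = line.split()[1], 0
            m = POLICY_RE.search(line)
            if m:  # user-defined chains carry no policy counter
                counters[(chain, "policy " + m.group(1))] = int(m.group(2))
            continue
        f = line.split()
        # Rule rows begin with two integers (pkts, bytes); the header row does not.
        if chain and len(f) >= 9 and f[0].isdigit() and f[1].isdigit():
            n += 1
            counters[(chain, "#%d %s" % (n, " ".join(f[2:])))] = int(f[0])
    return counters

def counter_deltas(before, after):
    """Packets gained per policy or rule between two snapshots of one ruleset."""
    old = parse_counters(before)
    return {k: v - old.get(k, 0) for k, v in parse_counters(after).items()
            if v != old.get(k, 0)}

def policy_drops(deltas):
    """Chains whose default DROP policy caught packets during the test."""
    return sorted(c for (c, label), d in deltas.items()
                  if label == "policy DROP" and d > 0)

if __name__ == "__main__":
    deltas = counter_deltas(BEFORE, AFTER)
    for (chain, label), gained in sorted(deltas.items()):
        print("%-7s +%-4d %s" % (chain, gained, label))
    print("default policy dropped packets in:", policy_drops(deltas))
```

In the constructed data the port 443 ACCEPT rule and the INPUT policy DROP counter both rise during the attempt, which shows that some traffic other than the allowed HTTPS connection is reaching the default policy.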

    #51270

    danielwang
    Member

    🙄
