<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.E-MailFormatvorlage18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.E-MailFormatvorlage19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.E-MailFormatvorlage20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.E-MailFormatvorlage22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.E-MailFormatvorlage23
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=DE-AT link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:windowtext'>Hello again,<o:p></o:p></span></p><p class=MsoNormal><span style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:windowtext'>eth1 has type:<o:p></o:p></span></p><p class=MsoNormal><span style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> type:<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> - sip_ext_incoming<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> - rtp_eth1_peering<o:p></o:p></span></i></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'>But my iptables has no “eth1” entries…<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'>root@spce:~# iptables -L -n -v<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'>Chain INPUT (policy DROP 21 packets, 960 bytes)<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> pkts bytes target prot opt in out source destination<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 707 83225 f2b-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'>29604 5939K f2b-KAMAILIO all -- * * 0.0.0.0/0 0.0.0.0/0<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'>29557 5904K f2b-KAMAILIO all -- * * 0.0.0.0/0 0.0.0.0/0<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 5434 2059K rtpengine udp -- * * 0.0.0.0/0 0.0.0.0/0<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'>26978 5435K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 2078 293K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 6 264 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 0<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 520 178K cluster all -- * * 0.0.0.0/0 0.0.0.0/0<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 202 146K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 /* sip_ext */<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060 /* sip_ext */<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5061 /* sip_ext */<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 /* sip_ext */<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5269 /* sip_ext */<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 36 6880 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:30000:44999 /* rtp_ext */<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 /* web_ext */<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 4 208 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1443 /* web_int */<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 0 0 ACCEPT tcp -- eth0 * 92.42.136.52 0.0.0.0/0 tcp dpt:22 /* ssh_ext */<o:p></o:p></span></i></p><p class=MsoNormal style='margin-left:35.4pt'><i><span lang=EN-US style='font-size:9.0pt;color:windowtext'> 140 12589 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 10 LOG flags 0 level 7 prefix "NGCPFW[DROP]: "<o:p></o:p></span></i></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'>So I am not sure if this eth1 rules was generated successfully or not…<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=DE style='color:windowtext;mso-fareast-language:DE-AT'>Von:</span></b><span lang=DE style='color:windowtext;mso-fareast-language:DE-AT'> Spce-user <spce-user-bounces@lists.sipwise.com> <b>Im Auftrag von </b>Richard Fuchs<br><b>Gesendet:</b> Dienstag, 2. April 2019 16:26<br><b>An:</b> spce-user@lists.sipwise.com<br><b>Betreff:</b> Re: [Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On 02/04/2019 09.30, Hohl Matthias wrote:<span style='mso-fareast-language:DE-AT'><o:p></o:p></span></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span lang=EN-US style='color:windowtext'>Oh okay…</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'>Last update i did 2 weeks ago.</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'>It looks like no fixes in there…</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'>I will do the update immediately.</span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'> </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'>Btw: what about my ETH1 interface? </span><o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='color:windowtext'>How can I enable my standard rules also for eth1?</span><o:p></o:p></p><p><span lang=EN-US style='color:windowtext'> </span><o:p></o:p></p></blockquote><p>Rules are generated according to the interface types and roles assigned to each interface in network.yml. If eth1 does not have any types associated with it, then no rules will be generated for it. You can use ngcp-network to set up types and roles, or add your own custom rules for it in config.yml.<o:p></o:p></p><p>Cheers<o:p></o:p></p><p class=MsoNormal><span style='mso-fareast-language:DE-AT'><o:p> </o:p></span></p></div></body></html>