[Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3

Hohl Matthias matthias.hohl at telematica.at
Tue Apr 2 10:46:10 EDT 2019


Hello again,

 

eth1 has type:

 

      type:

      - sip_ext_incoming

      - rtp_eth1_peering

 

 

But my iptables has no “eth1” entries…

 

 

root at spce:~# iptables -L -n -v

Chain INPUT (policy DROP 21 packets, 960 bytes)

pkts bytes target     prot opt in     out     source               destination

  707 83225 f2b-ssh    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

29604 5939K f2b-KAMAILIO  all  --  *      *       0.0.0.0/0            0.0.0.0/0

29557 5904K f2b-KAMAILIO  all  --  *      *       0.0.0.0/0            0.0.0.0/0

5434 2059K rtpengine  udp  --  *      *       0.0.0.0/0            0.0.0.0/0

26978 5435K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

2078  293K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

    6   264 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8

    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0

  520  178K cluster    all  --  *      *       0.0.0.0/0            0.0.0.0/0

  202  146K ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 /* sip_ext */

    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5060 /* sip_ext */

    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5061 /* sip_ext */

    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5222 /* sip_ext */

    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5269 /* sip_ext */

   36  6880 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpts:30000:44999 /* rtp_ext */

    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 /* web_ext */

    4   208 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1443 /* web_int */

    0     0 ACCEPT     tcp  --  eth0   *       92.42.136.52         0.0.0.0/0            tcp dpt:22 /* ssh_ext */

  140 12589 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 10 LOG flags 0 level 7 prefix "NGCPFW[DROP]: "

 

 

So I am not sure if this eth1 rules was generated successfully or not…

 

 

Von: Spce-user <spce-user-bounces at lists.sipwise.com> Im Auftrag von Richard Fuchs
Gesendet: Dienstag, 2. April 2019 16:26
An: spce-user at lists.sipwise.com
Betreff: Re: [Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3

 

On 02/04/2019 09.30, Hohl Matthias wrote:

Oh okay…

Last update i did 2 weeks ago.

It looks like no fixes in there…

I will do the update immediately.

 

Btw: what about my ETH1 interface? 

How can I enable my standard rules also for eth1?

 

Rules are generated according to the interface types and roles assigned to each interface in network.yml. If eth1 does not have any types associated with it, then no rules will be generated for it. You can use ngcp-network to set up types and roles, or add your own custom rules for it in config.yml.

Cheers

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190402/bbb210a1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5585 bytes
Desc: not available
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190402/bbb210a1/attachment-0001.p7s>


More information about the Spce-user mailing list