[Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3
Hohl Matthias
matthias.hohl at telematica.at
Tue Apr 2 10:46:10 EDT 2019
Hello again,
eth1 has type:
type:
- sip_ext_incoming
- rtp_eth1_peering
But my iptables has no “eth1” entries…
root at spce:~# iptables -L -n -v
Chain INPUT (policy DROP 21 packets, 960 bytes)
pkts bytes target prot opt in out source destination
707 83225 f2b-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
29604 5939K f2b-KAMAILIO all -- * * 0.0.0.0/0 0.0.0.0/0
29557 5904K f2b-KAMAILIO all -- * * 0.0.0.0/0 0.0.0.0/0
5434 2059K rtpengine udp -- * * 0.0.0.0/0 0.0.0.0/0
26978 5435K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2078 293K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 264 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 0
520 178K cluster all -- * * 0.0.0.0/0 0.0.0.0/0
202 146K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 /* sip_ext */
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060 /* sip_ext */
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5061 /* sip_ext */
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 /* sip_ext */
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5269 /* sip_ext */
36 6880 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:30000:44999 /* rtp_ext */
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 /* web_ext */
4 208 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1443 /* web_int */
0 0 ACCEPT tcp -- eth0 * 92.42.136.52 0.0.0.0/0 tcp dpt:22 /* ssh_ext */
140 12589 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 10 LOG flags 0 level 7 prefix "NGCPFW[DROP]: "
So I am not sure if this eth1 rules was generated successfully or not…
Von: Spce-user <spce-user-bounces at lists.sipwise.com> Im Auftrag von Richard Fuchs
Gesendet: Dienstag, 2. April 2019 16:26
An: spce-user at lists.sipwise.com
Betreff: Re: [Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3
On 02/04/2019 09.30, Hohl Matthias wrote:
Oh okay…
Last update i did 2 weeks ago.
It looks like no fixes in there…
I will do the update immediately.
Btw: what about my ETH1 interface?
How can I enable my standard rules also for eth1?
Rules are generated according to the interface types and roles assigned to each interface in network.yml. If eth1 does not have any types associated with it, then no rules will be generated for it. You can use ngcp-network to set up types and roles, or add your own custom rules for it in config.yml.
Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190402/bbb210a1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5585 bytes
Desc: not available
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190402/bbb210a1/attachment-0001.p7s>
More information about the Spce-user
mailing list