I've installed fwcloud-agent on an AlmaLinux 8.8, agent is wcloud-agent-1.3.1-1.x86_64
During boot the fwcloud systemd unit file hangs forever.
What I've noticed:
1) there is no timeout in the unit, meaning that the unit does not exit and lets the system hang
2) the after and want parameters are...
Hi, After this log:
[Jan10 09:20] RULE ID 874 [REJECT] IN=ens192 OUT= MAC=00:50:56:a4:16:d2:aa:00:00:18:8f:2e:08:00 SRC=172.16.1.109 DST=172.16.1.103 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23244 DF PROTO=TCP SPT=41230 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
I'm not too sure it would be a fortigate's...
Thx, what are the risks of converting the firewall to "stateless"? I'm just using fwcloud as host firewall so maybe I could disable the stateful feature.
WCloud.net - Loading firewall policy generated: Mon Jan 09 2023 18:09:27 GMT+0100 (Central European Standard Time)
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
# Warning: ip6tables-legacy...
One interesting thing I've noted:
1) every firewall VM is behind a "real" firewall (Fortinet or WatchGuard), so to reach the fwcloud firewall (aka the VM) one should traverse the "real" firewall
(please excuse my use of the term "real", it's just for simplicity)
2) so test1: go from my lan to...
ip a output:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP>...
I've created the rule to target more specifically the issue:
1) rule 1: permit port (e.g. 443 tcp) on the interface xyz
2) rule 2: deny all in on interface xyz
But the same happens with default catchall rule.
The firewall is stateful (aka: on the firewall option I specify stateful), I've not...
Another strange issue related to another host
Simple rule to permit inbound port 4343 tcp.
The kernel logs denied (catchall rule) even if in reality it is not blocked.
Same issue for port 443 on another host
This kind of behaviour is "cross" hypervisor, happens both on Proxmox and on VMware, on...