#1
Newbie
Join Date: Sep 2011
Posts: 6
I am used to creating all my firewall rules from scratch at the command line and I can't seem to figure out something via the interface in Untangle:

How do I get the equivalent of "block everything incoming except related/established" from a typical iptables/netfilter rule set? This is the part that gets me: based off some scans of my firewall it doesn't appear this is the default setup. Setting a default rule of "block" results in all sites, including currently active ones, being blocked. I.e., suddenly I can't browse the untangle.com website. For example:

```shell
iptables -N HEAD        # user-defined chain; must exist before INPUT jumps to it
iptables -P INPUT DROP
iptables -A INPUT -j HEAD
iptables -A HEAD -m state --state ESTABLISHED,RELATED -j ACCEPT
```

or similar such as on the FORWARD chain.
#2
Untangle Junkie
Join Date: Nov 2006
Location: San Mateo, CA
URLs submitted: 10
Posts: 10,611
That is the default setting if you chose "Router."

Are you talking about the firewall app? Those rules are run on new sessions; any subsequent packet in an already approved session is allowed. Untangle is not iptables. If you want to muck with iptables I'd install Linux.
__________________
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com
#3
Master Untangler
Join Date: Aug 2011
Location: Buckhannon, WV
Posts: 121
Remember that if you have a default rule of block in the firewall module you also have to create a rule to allow traffic out from your LAN to the WAN. Browsing a website does not create a long-lived TCP session. Most HTTP TCP sessions last only long enough to download an HTML page or an image. So saying that changing the default rule stops websites that are being actively viewed is probably not the best test. Try putting in an allow for LAN to WAN and try changing the default rule to block.
#4
Untangle Junkie
Join Date: Nov 2006
Location: San Mateo, CA
URLs submitted: 10
Posts: 10,611
Also, hitting save in the firewall makes it re-evaluate the new rules against current sessions and reset them if they should be blocked.

We had to do this because people kept saying "ZOMG, firewall rules don't work!!!!11"
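To make the behaviour described in the replies above concrete, here is a small session-based firewall model written as an added illustration for this thread (it is not Untangle's code and does not show its implementation). It reproduces three points from the posts: only the first packet of a new session is matched against the rule list, every later packet of an accepted session (replies from the WAN side included) passes without the rules being consulted, and saving a new rule set re-evaluates open sessions and resets those the new rules would block. The interface names, addresses and ports are constructed samples.

```python
"""Session-based firewall model (illustrative, not Untangle's implementation).

Rules are consulted only for the packet that opens a session; later packets of
an accepted session pass unevaluated, and saving new rules re-checks open
sessions and resets the ones that would now be blocked."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]
SessionKey = Tuple[str, Endpoint, Endpoint]


@dataclass(frozen=True)
class Packet:
    in_iface: str      # interface the packet arrived on, e.g. "LAN" or "WAN"
    out_iface: str     # interface it would leave by
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def session_key(self) -> SessionKey:
        """Direction-independent key, so a reply maps to the same session as
        the packet that opened it (the role conntrack plays in netfilter)."""
        a: Endpoint = (self.src_ip, self.src_port)
        b: Endpoint = (self.dst_ip, self.dst_port)
        return (self.proto, min(a, b), max(a, b))


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    in_iface: Optional[str] = None   # None matches any interface
    out_iface: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.in_iface is None or self.in_iface == pkt.in_iface)
                and (self.out_iface is None or self.out_iface == pkt.out_iface)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


class SessionFirewall:
    def __init__(self, rules: List[Rule], default_action: str):
        self.rules = list(rules)
        self.default_action = default_action
        # Open sessions keyed by flow; the value is the opening packet, kept so
        # the session can be re-evaluated when the rules change.
        self.sessions: Dict[SessionKey, Packet] = {}

    def evaluate(self, pkt: Packet) -> str:
        """First matching rule wins; otherwise the default action applies."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default_action

    def handle(self, pkt: Packet) -> str:
        key = pkt.session_key()
        if key in self.sessions:
            return "allow"            # existing session: rules are not consulted
        verdict = self.evaluate(pkt)
        if verdict == "allow":
            self.sessions[key] = pkt  # only the opening packet creates a session
        return verdict

    def save_rules(self, rules: List[Rule], default_action: str) -> List[SessionKey]:
        """Install a new rule set and re-check every open session against it,
        resetting those that would now be blocked. Returns the reset sessions."""
        self.rules = list(rules)
        self.default_action = default_action
        reset = [key for key, opener in self.sessions.items()
                 if self.evaluate(opener) != "allow"]
        for key in reset:
            del self.sessions[key]
        return reset


def demo() -> Dict[str, object]:
    # Constructed sample traffic: a LAN client browsing a WAN web server,
    # plus an unsolicited connection attempt arriving from the WAN side.
    request = Packet("LAN", "WAN", "tcp", "192.168.1.10", 51000, "203.0.113.5", 80)
    reply = Packet("WAN", "LAN", "tcp", "203.0.113.5", 80, "192.168.1.10", 51000)
    unsolicited = Packet("WAN", "LAN", "tcp", "198.51.100.7", 40000, "192.168.1.10", 22)

    out: Dict[str, object] = {}
    fw = SessionFirewall(rules=[], default_action="allow")  # "Router" default
    out["open_default_allow"] = fw.handle(request)
    out["reply_default_allow"] = fw.handle(reply)

    # Default block with no allow rule: the open session is reset on save and
    # a fresh outbound connection is blocked, as post #1 observed.
    out["reset_on_save"] = len(fw.save_rules([], "block"))
    out["open_default_block"] = fw.handle(request)

    # Post #3's advice: an explicit allow for LAN -> WAN with default block.
    # Replies ride the accepted session; unsolicited inbound hits the default.
    fw.save_rules([Rule("allow", in_iface="LAN", out_iface="WAN")], "block")
    out["open_with_lan_rule"] = fw.handle(request)
    out["reply_with_lan_rule"] = fw.handle(reply)
    out["unsolicited_inbound"] = fw.handle(unsolicited)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

Running `demo()` walks through the thread's scenario: with the router default the session opens and its reply passes; saving a default of block resets that session and blocks new outbound connections; adding the LAN-to-WAN allow restores browsing while unsolicited WAN-to-LAN connections still fall through to the block default, which is the stateful "only established/related inbound" behaviour the original post was after.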
#5
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 15,454
Which now leads to ZOMG, Untangle just crashed my browser!?!?!?!!

Can't win on that one!
__________________
Rob Sandling, BS:SWE, MCP
Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com
UntangleAppliances.com Phone: 866-794-8879
#6
Newbie
Join Date: Sep 2011
Posts: 6
Thanks for the info. I didn't realize that Untangle did not use iptables. Just made an arse of me by assuming. =) Was attempting to apply my understanding of the iptables/netfilter stacks I normally work with (conntrack with rule insertion/removal vs. flush).