  1. #1
    Newbie
    Join Date
    Apr 2019
    Posts
    3

    Firewall unable to block icmp

    Hello everyone..
    We recently bought a new Untangle appliance, and we are exploring it seriously..
    After several tests, a colleague of mine and I found a weird issue in the firewall app..
    We are unable to block pings.
    We even tried to force the block from any interface to any interface.. result: all machines in the LAN can ping each other.. if we use the native firewall, not the app... it works. Is this a bug??

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,673

    Block pings in Filter rules of networking. /admin/index.do#config/network/filter-rules

    Firewall app is for blocking layer 7 traffic.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,237

    It's not just the firewall app...

    Everything you see in the virtual racks, those only process TCP and UDP. That's by design. The Firewall app is no exception.

    If you need to control ICMP or other protocols you must use the filter.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    Apr 2019
    Posts
    3

    Thanks for your replies
    I will do as you say.
    I found it weird because the option is there.
    Maybe devs should remove the icmp option in this case.
    It's confusing this way!
    Thx!

  5. #5
    Newbie
    Join Date
    Apr 2019
    Posts
    3

    We also found that in the native filter, if a ping is already running and we apply the rule in that moment, the ping still keeps running. Nothing is blocked. We need to stop the ping and start it again to see it blocked. This is a huge vulnerability imo. Does the Untangle appliance have the same behavior for every single protocol? Because if you have a worm in your network trying to communicate with some server, and we apply one rule to block its traffic, we hope it is really blocked! If the traffic goes on it's a huge problem.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,237

    Sometimes sessions have to be terminated for new rules to be processed. If you force termination at rule change, you're talking about killing Internet access for a time. If you want to do that, just go change an IP address on an interface somewhere; on application, networking is forcibly reset. Or, you can reboot Untangle.

    My point is, in the current configuration the power is up to the admin. I remember the days when the firewalls would just nuke everything from orbit on every configuration change, it wasn't a good time.

    BTW, the firewall module will kill the stuff impacted by the rule, it's vastly more intelligent. It just cannot process anything but TCP or UDP.
    f1assistance likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
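
The behaviour discussed in posts #5 and #6, as an added example that is not part of the thread and is not Untangle's code: a toy stateful gateway in which rules are consulted only when a session is created, compared under three policies when a block rule is added (leave sessions alone, reset everything, terminate only the sessions the new rule matches). All class and function names are hypothetical and the addresses are constructed values from documentation ranges.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str

@dataclass
class Gateway:
    block_rules: list = field(default_factory=list)  # predicates: Flow -> bool
    sessions: set = field(default_factory=set)       # established flows

    def packet(self, flow):
        """Return True if forwarded. Rules are only checked for NEW sessions."""
        if flow in self.sessions:
            return True                    # existing session bypasses the rules
        if any(rule(flow) for rule in self.block_rules):
            return False
        self.sessions.add(flow)
        return True

    def close(self, flow):
        """The client stops (e.g. ping interrupted); session state goes away."""
        self.sessions.discard(flow)

    def add_rule(self, rule, kill="none"):
        self.block_rules.append(rule)
        if kill == "all":                  # reset everything on any change
            self.sessions.clear()
        elif kill == "matching":           # terminate only impacted sessions
            self.sessions = {f for f in self.sessions if not rule(f)}

def demo(kill):
    """Return (running ping forwarded?, web session kept?, restarted ping forwarded?)."""
    gw = Gateway()
    ping = Flow("icmp", "192.0.2.10", "192.0.2.20")   # constructed sample flows
    web = Flow("tcp", "192.0.2.10", "198.51.100.5")
    gw.packet(ping)
    gw.packet(web)
    gw.add_rule(lambda f: f.proto == "icmp", kill=kill)
    running = gw.packet(ping)              # ping that was already running
    web_kept = web in gw.sessions          # collateral damage to other traffic?
    gw.close(ping)                         # stop the ping ...
    restarted = gw.packet(ping)            # ... and start it again
    return running, web_kept, restarted

if __name__ == "__main__":
    for policy in ("none", "all", "matching"):
        print(policy, demo(policy))
```

With `kill="none"` the running ping continues until it is restarted, which is what post #5 observed; the other two policies show the trade-off post #6 describes between blocking immediately and interrupting unrelated traffic.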
