Opened 4 years ago

Last modified 2 years ago

#157 assigned defect

vuurmuur --bash enables /disables ip_forward and ip6_forward together

Reported by: Matthijs Kooijman Owned by: Victor Julien
Priority: minor Milestone: undecided
Component: vuurmuur Version: svn
Keywords: Cc:

Description (last modified by Victor Julien)

AFAIU from looking at the source, when you run vuurmuur normally, it enables ip_forward when ipv4 forwarding rules are present, and ip6_forward when ipv6 rules are present. However, when running with --bash, this piece of code runs:

        /* post rules: enable logging */
        if(post_rules(debuglvl, &vctx->conf, NULL, &vctx->iptcaps, forward_rules, VRMR_IPV4) < 0)
            return(-1);
    #ifdef IPV6_ENABLED
        if(post_rules(debuglvl, &vctx->conf, NULL, &vctx->iptcaps, forward_rules, VRMR_IPV6) < 0)
            return(-1);
    #endif

Since this shares a single forward_rules flag for both ipv4 and ipv6, this causes different behaviour when running with --bash or without --bash.

Change History (1)

comment:1 Changed 2 years ago by Victor Julien

Description: modified (diff)
Status: newassigned
Note: See TracTickets for help on using tickets.