Bug 11932

Summary: traffic to RED is dropped directly after booting
Product: IPFire
Reporter: Peter Müller <peter.mueller>
Component: ---
Assignee: Assigned to nobody - feel free to grab it and work on it <nobody>
Status: NEW ---
QA Contact: Peter Müller <peter.mueller>
Severity: Major Usability
Priority: Will only affect a few users
CC: adolf.belka, alexander.marx, arne.fitzenreiter, michael.tremer, stefan.schantl
Version: 2
Flags: adolf.belka: needinfo+
Hardware: all
OS: All
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=11917

Description Peter Müller 2018-11-09 17:45:55 UTC
On several IPFire systems, I limit outgoing DNS traffic. (DNS, in fact, is considered a low-risk protocol. It certainly is not.)

Only traffic to the used upstream nameservers is allowed (restricted to port 53 TCP & UDP). Source is set to "firewall|all interfaces". So far, so good.

If the source is changed to "firewall|RED", DNSSEC validation is disabled after reboot (as described in #11917) because test_name_servers() in /etc/init.d/unbound fails to reach any of the servers.

This sounds like outgoing packets from RED are dropped for an unknown reason directly after (re)booting the machine. The bug can be reproduced by following the steps above.
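To see from the firewall host itself whether its own outbound DNS queries get through right after boot (the condition the report says test_name_servers() in /etc/init.d/unbound fails on), the following probe can be run against the configured upstreams over both 53/udp and 53/tcp. This is an added example, not IPFire's init script and not the reporter's code; the upstream addresses are constructed placeholders, and the query shape (an A query with the DO bit set) is an assumption about what a resolver reachability check looks like, not a description of what unbound's script actually sends.

```python
"""Probe upstream nameservers on 53/udp and 53/tcp from the firewall host.

Added example for this bug report, not IPFire's /etc/init.d/unbound code.
It approximates the reachability check the report attributes to
test_name_servers(): if no upstream answers right after boot, an outbound
DNS rule whose source is "firewall|RED" rather than "firewall|all
interfaces" is the first thing to look at. The server list is constructed
sample data (RFC 5737 documentation addresses).
"""
import random
import socket
import struct

UPSTREAMS = ["192.0.2.53", "198.51.100.53"]   # constructed placeholders
PROBE_NAME = "ipfire.org"                     # any name the upstream will answer for
TIMEOUT = 2.0                                 # seconds per probe


def build_query(name, qid):
    """Build a minimal DNS A query: RD set, plus an OPT record with the DO bit
    so a DNSSEC-capable upstream may include signatures (the report concerns
    DNSSEC validation being switched off when no server answers)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)               # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, UDP payload 1232, ext-rcode/version 0, DO flag, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt


def parse_response(data, qid):
    """Return (is_reply_to_us, rcode). Anything that is not a DNS response
    carrying our transaction id counts as 'not reachable'."""
    if len(data) < 12:
        return False, None
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != qid or not flags & 0x8000:       # QR bit must be set on a response
        return False, None
    return True, flags & 0x000F


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed before full message")
        buf += chunk
    return buf


def probe_udp(server, qid=None):
    """True if `server` answers our query over UDP/53 within TIMEOUT."""
    qid = random.randrange(65536) if qid is None else qid
    query = build_query(PROBE_NAME, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(TIMEOUT)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(4096)
        except (socket.timeout, OSError):
            return False
    return parse_response(data, qid)[0]


def probe_tcp(server, qid=None):
    """True if `server` answers our query over TCP/53 (two-byte length prefix)."""
    qid = random.randrange(65536) if qid is None else qid
    query = build_query(PROBE_NAME, qid)
    try:
        with socket.create_connection((server, 53), timeout=TIMEOUT) as s:
            s.settimeout(TIMEOUT)
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            data = _recv_exact(s, length)
    except (socket.timeout, OSError, ValueError):
        return False
    return parse_response(data, qid)[0]


def check_upstreams(servers):
    """Map each server to its UDP and TCP reachability."""
    return {srv: {"udp": probe_udp(srv), "tcp": probe_tcp(srv)} for srv in servers}


def any_reachable(results):
    """The condition a boot-time check needs: at least one upstream answered."""
    return any(r["udp"] or r["tcp"] for r in results.values())


if __name__ == "__main__":
    results = check_upstreams(UPSTREAMS)
    for srv, r in results.items():
        print(f"{srv}: udp={'ok' if r['udp'] else 'FAIL'} tcp={'ok' if r['tcp'] else 'FAIL'}")
    if not any_reachable(results):
        print("no upstream reachable: check the outbound DNS rule's source "
              "(firewall|RED vs firewall|all interfaces) and the boot order")
        raise SystemExit(1)
```

Running it once immediately after boot and once a minute later, with UPSTREAMS set to the servers the firewall actually uses, separates the two cases the report leaves open: a rule that never matches the firewall's own traffic (both runs fail) versus something that only affects the first seconds after RED comes up (only the first run fails).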
Comment 1 Adolf Belka 2024-01-12 11:46:46 UTC
Is this bug still valid?