Bug 11932 - traffic to RED is dropped directly after booting
Summary: traffic to RED is dropped directly after booting
Status: NEW
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: all / All
Importance: Will only affect a few users (priority), Major Usability (severity)
Assignee: Assigned to nobody - feel free to grab it and work on it
QA Contact: Peter Müller
Reported: 2018-11-09 17:45 UTC by Peter Müller
Modified: 2018-11-09 17:46 UTC
Description (Peter Müller, 2018-11-09 17:45:55 UTC):
On several IPFire systems, I limit outgoing DNS traffic. (DNS, in fact, is considered a low-risk protocol. It certainly is not.)

Only traffic to the used upstream nameservers is allowed (restricted to port 53 TCP & UDP). Source is set to "firewall|all interfaces". So far, so good.

If the source is changed to "firewall|RED", DNSSEC validation is disabled after reboot (as described in #11917) because test_name_servers() in /etc/init.d/unbound fails to reach any of the servers.

This sounds like outgoing packets from RED are dropped for an unknown reason directly after (re)booting the machine. The bug can be reproduced by following the steps above.