openmediavault iptables rules

  • Does anyone have an idea where openmediavault stores its iptables rules configuration?
    My iptables config from openmediavault is not working very well like I want. I need to check the config file but I don't know where it is stored.


    Also, in a new version of openmediavault, an option to configure the interface in iptables would be useful.

  • Thanks for the tip.
    Openmediavault iptables is not working correctly.
    No matter if you configure the firewall to not accept port 80 inputs from a specific IP range, the rule is not applied.


    I will disable the firewall rules from openmediavault and I will create a startup script in rc.local to apply my own rules.
    The only bad thing is that every time I need to open any port I have to create that new rule manually.

  • I will remove any rule created in omv and I will create a startup script specifically for iptables.
    I am not quite sure whether omv, without any rules reconfigured, will flush my manually created iptables rules.
    Maybe I should start the script after omv starts, and not in if-pre-up like I wanted.


    Openmediavault should have an option in the configuration menu to select which interface a specific rule should be applied to.


    Is there any way to remove the firewall options from omv?

    • Official post

    Do you really own the 1.1.1.1 IP address?

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!


  • My doubt is: if I start my iprules script in the pre-up network config, will openmediavault flush them when it loads?



    Quote

    Do you really own the 1.1.1.1 IP address?


    Yes, it is my second NIC interface that I will use for local administration on the webgui and all other services.
    eth0, which is the one with 192.168.1.25, is the one that has the gateway configured, and it will be this network NIC that will open the specific ports for the services I need to open for the web.

  • Exactly, you are right.
    I thought that as long as the destination port was 80 then no traffic would pass through.
    And an interesting thing is on the secure shell port.
    If I configure source port 22 then it passes through, but if I remove the source port then it blocks the traffic.
    And you can use /24 as the IP range.

  • But I will probably use my script instead, due to the fact that I am unable to implement attack protection with the webgui.


    I am unable to implement these example rules on omv:

    Quote

    -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
    -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP


    The problem is that omv has a specific XML file where all iptables rules are stored.
    If omv had a normal text file where I could add new rules then that would be excellent; the way it works, it is not possible for me to do it.


    But thanks for solving this and helping me figure out what was going on.
    I will probably have to start my iptables script after omv loads, or my iptables rules will be flushed.
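
An added example, not part of the original posts: a small Python model of how iptables evaluates the three quoted `--tcp-flags <mask> <comp>` rules, run against constructed sample packets. The rule labels, the `first_drop` helper and the sample packets are assumptions made for illustration.

```python
# Added example: models the matching logic of the three quoted INPUT rules.
# "--tcp-flags <mask> <comp>" matches when, among the flags listed in <mask>,
# exactly the flags in <comp> are set. A leading "!" inverts the result.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = "FIN,SYN,RST,PSH,ACK,URG"

def bits(names):
    """Turn a list such as 'FIN,SYN' (or 'NONE') into a bitmask."""
    if names == "NONE":
        return 0
    value = 0
    for name in names.split(","):
        value |= FLAGS[name]
    return value

# (hypothetical label, mask, comp, inverted, needs "-m state --state NEW")
RULES = [
    ("null-scan", ALL, "NONE", False, False),
    ("new-without-syn", "FIN,SYN,RST,ACK", "SYN", True, True),
    ("xmas-scan", ALL, ALL, False, False),
]

def first_drop(packet_flags, state):
    """Return the label of the first rule that would DROP the packet, or None."""
    pkt = bits(packet_flags)
    for label, mask, comp, inverted, needs_new in RULES:
        hit = (pkt & bits(mask)) == bits(comp)
        if inverted:
            hit = not hit
        if needs_new and state != "NEW":
            hit = False
        if hit:
            return label
    return None

# Constructed sample packets: (TCP flags set, conntrack state assumed for the packet)
SAMPLES = [
    ("NONE", "INVALID"),         # no flags at all
    ("SYN", "NEW"),              # normal connection attempt
    ("ACK", "NEW"),              # new flow that does not start with SYN
    ("PSH,ACK", "ESTABLISHED"),  # ordinary data segment
    (ALL, "INVALID"),            # every flag set
]

if __name__ == "__main__":
    for flags, state in SAMPLES:
        verdict = first_drop(flags, state) or "falls through to later rules"
        print(f"{flags:<24} {state:<12} -> {verdict}")
```

Rule order matters: a packet with every flag set and state NEW is dropped by the second rule before it reaches the third.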
