Firewall GUI not working??

emilioah
Posts: 4
Joined: 03 Dec 2020, 07:22

Firewall GUI not working??

Post by emilioah »

Hello,
I'm trying to configure the firewall to block connections to some services from all IPs and permit only certain addresses.
When I try to add an "accept" rule for only one IP, a subnet or an IP range, the application only allows me to choose "All" ports in the next step and returns an error "Configuration failed" when saving the rule.

The only configuration that I can save is to accept ALL IPs and ALL Ports.

This doesn't happen when creating "reject" rules. I can create reject rules without any problem, but the best way to ensure security is setting the default policy to DROP, and allowing only the IPs that you want. Is this configuration working in your devices?

Regards :D

My device data:
F5-221, TOS v4.1.30-2008051459
emilioah
Posts: 4
Joined: 03 Dec 2020, 07:22

Re: Firewall GUI not working??

Post by emilioah »

Just updated to 4.2.07 and the same problem :(
TMSupport
TerraMaster Team
Posts: 2314
Joined: 13 Dec 2019, 15:15

Re: Firewall GUI not working??

Post by TMSupport »

That's the rule here: when the firewall rule is set as "accept", you cannot specify the exact ports. All ports should be allowed, otherwise it may cause many issues such as an unusable TOS system or other services.
To contact our team, please send an email to the following addresses, and remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
emilioah
Posts: 4
Joined: 03 Dec 2020, 07:22

Re: Firewall GUI not working??

Post by emilioah »

OK to the ports part, but the behaviour is the same if I choose "all ports" and I apply this accept rule to certain IPs (unique IP, subnet or IP range).

Accept rules only work if "all ips" and "all ports" are chosen? Is this correct?

Looking at the iptables configuration script I understand that if one or more accept rules are saved, the default policy of iptables changes to DROP, and a set of default rules are applied to ensure LAN access. Then If the only accept rule that I can save is accepting all IPs and all ports.

How can I restrict NAS access to only certain secure external IPs?

Thanks for your answer!
emilioah
Posts: 4
Joined: 03 Dec 2020, 07:22

Re: Firewall GUI not working??

Post by emilioah »

I found a way to cheat the GUI and make the firewall do what I want.

1. Write an accept rule to protect LAN access: 192.168.1.0/255.255.255.0 <- Change if your LAN is another
2. Write a reject rule for every IP address that you want to allow... (yes, a reject rule!!!).
3. Log in to the NAS as root using ssh.
4. Edit /etc/firewalld/iptables.conf and replace DROP with ACCEPT in the rules written in step 2.
5. Reload the firewall by running: "sh /etc/firewalld/iptables_security.sh"

These rules are correctly shown in the firewall GUI.

...If you are comfortable with vi and understand the content of this file, you can write down your own rules directly.

Do this configuration at your own risk!! This is not recommended as you are modifying the default behaviour of TOS firewall.
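
Steps 4 and 5 of the workaround above, as an added shell example that is not part of the original post and is not TerraMaster's code: it takes a backup before editing and changes DROP to ACCEPT only on the lines naming one address. The helper names `allow_ip` and `restore_conf` are hypothetical, and the one-rule-per-line iptables-style layout is an assumption, since the thread does not show the file's format.

```shell
#!/bin/sh
# Added example. allow_ip and restore_conf are hypothetical helper names.
# Assumption: each rule in the file is one iptables-style line holding the
# source address and the target word DROP, e.g. (constructed):
#   -A INPUT -s 203.0.113.7 -j DROP
# The thread does not show the real file format; check yours before use.

# allow_ip FILE ADDR
# Back up FILE to FILE.bak, then change DROP to ACCEPT only on lines that
# name ADDR. Returns 1 if FILE is missing, 2 if no line names ADDR.
allow_ip() {
    conf=$1
    addr=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Escape dots and require non-address characters on both sides, so
    # 203.0.113.7 does not also match 203.0.113.70 or 1203.0.113.7.
    pat=$(printf '%s' "$addr" | sed 's/[.]/\\./g')
    re="(^|[^0-9.])${pat}([^0-9.]|\$)"

    if ! grep -Eq -- "$re" "$conf"; then
        echo "no rule names $addr; file left untouched" >&2
        return 2
    fi

    # The backup is taken before any write to the live file.
    cp -p "$conf" "$conf.bak" || return 1
    sed -E "\\#${re}# s/(^|[[:space:]])DROP([[:space:]]|\$)/\\1ACCEPT\\2/" \
        "$conf.bak" > "$conf"
}

# restore_conf FILE: put the most recent backup back in place.
restore_conf() {
    [ -f "$1.bak" ] || { echo "no backup for $1" >&2; return 1; }
    cp -p "$1.bak" "$1"
}

# On the NAS (paths and reload command as given in the post above):
#   allow_ip /etc/firewalld/iptables.conf 203.0.113.7 &&
#       diff /etc/firewalld/iptables.conf.bak /etc/firewalld/iptables.conf
#   sh /etc/firewalld/iptables_security.sh
```

Keep the current SSH session open until access is confirmed after the reload, so that `restore_conf` can still be run from it.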
xustis
Posts: 2
Joined: 16 Mar 2021, 01:58

Re: Firewall GUI not working??

Post by xustis »

emilioah wrote: 05 Dec 2020, 00:14 I found a way to cheat the GUI and make the firewall do what I want.

1. Write an accept rule to protect LAN access: 192.168.1.0/255.255.255.0 <- Change if your LAN is another
2. Write a reject rule for every IP address that you want to allow... (yes, a reject rule!!!).
3. Log in to the NAS as root using ssh.
4. Edit /etc/firewalld/iptables.conf and replace DROP with ACCEPT in the rules written in step 2.
5. Reload the firewall by running: "sh /etc/firewalld/iptables_security.sh"

These rules are correctly shown in the firewall GUI.

...If you are comfortable with vi and understand the content of this file, you can write down your own rules directly.

Do this configuration at your own risk!! This is not recommended as you are modifying the default behaviour of TOS firewall.

In my case when I do that, I can't connect to the NAS by browser. I am trying to add the IP of remote Plex to access in other site :S
Scrums
Posts: 36
Joined: 26 Jan 2020, 20:34

Re: Firewall GUI not working??

Post by Scrums »

I stupidly edited my /etc/firewalld/iptables.conf without backing it up and now the GUI is saying the file is corrupt. Can someone supply me with a copy of their config file? Would be much appreciated. :roll:
Scrums
Posts: 36
Joined: 26 Jan 2020, 20:34

Re: Firewall GUI not working??

Post by Scrums »

Scrums wrote: 28 Mar 2021, 00:50 I stupidly edited my /etc/firewalld/iptables.conf without backing it up and now the GUI is saying the file is corrupt. Can someone supply me with a copy of their config file? Would be much appreciated. :roll:
Or can someone from support provide me with the default file?
Scrums
Posts: 36
Joined: 26 Jan 2020, 20:34

Re: Firewall GUI not working??

Post by Scrums »

Scrums wrote: 28 Mar 2021, 01:12
Scrums wrote: 28 Mar 2021, 00:50 I stupidly edited my /etc/firewalld/iptables.conf without backing it up and now the GUI is saying the file is corrupt. Can someone supply me with a copy of their config file? Would be much appreciated. :roll:
Or can someone from support provide me with the default file?
Never mind, I fixed it by emptying the file and recreating my firewall rules. It was only afterwards that I realised that this file only holds my rules.
Scrums
Posts: 36
Joined: 26 Jan 2020, 20:34

Re: Firewall GUI not working??

Post by Scrums »

Is this ever going to be fixed? :?: What if I want to allow access to some devices but only through a specific port? This seems a reasonable thing to want to do with the firewall. And I shouldn't have to use SSH to achieve this.