Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: add test to confirm supervisor iptables firewall rules are applied #3395

Open
rcooke-warwick opened this issue Mar 25, 2024 · 1 comment
Open

tests: add test to confirm supervisor iptables firewall rules are applied #3395

rcooke-warwick opened this issue Mar 25, 2024 · 1 comment
Labels
os/tests

Comments

@rcooke-warwick
Copy link
Contributor

rcooke-warwick commented Mar 25, 2024
edited

To ensure issues like this don't happen again:

balena-os/balena-supervisor#2252

As this was a problem that occured due to incompatibility between supervisor and OS this test belongs here
@rcooke-warwick
Copy link
Contributor Author

rcooke-warwick commented Mar 26, 2024
edited

Checks must be made for these in the BALENA_FIREWALL chain from the host OS

~# iptables -L -vn -t filter
...
Chain BALENA-FIREWALL (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3444  506K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  228 14017 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL
    0     0 ACCEPT     tcp  --  resin-vpn *       0.0.0.0/0            0.0.0.0/0            tcp dpt:48484
    0     0 ACCEPT     tcp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:48484
    0     0 ACCEPT     tcp  --  docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:48484
    0     0 ACCEPT     tcp  --  lo     *       0.0.0.0/0            0.0.0.0/0            tcp dpt:48484
    0     0 ACCEPT     tcp  --  supervisor0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:48484
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:48484 reject-with icmp-port-unreachable
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22222
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2375
  439 38843 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    7   588 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  balena0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
   22  5010 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
os/tests
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rcooke-warwick