Univention Bugzilla – Bug 43568
Define iptables rules via policies
Last modified: 2019-01-03 07:19:23 CET
A customer wants to define custom iptables rules via policies on several UCS machines. The current ruleset configurable via UCR variables is not sufficient since it is not possible to e.g. filter by source IP addresses. First idea: A new policy UDM module that stores iptables rules in LDAP that are written via listener module to e.g. /etc/security/packetfilter.d/40_policy_rules.sh
This solution would unburden the admin from copying custom 50_local.sh files to all affected machines.
There is a Customer ID set so I set the flag "Enterprise Customer affected".
This issue has been filed against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 ended on 5th of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.
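An added illustration of the idea in the description, not Univention code and not part of the original report: rendering the contents of a rules file from policy-stored records while validating every field, so that values read from LDAP cannot change the structure of the generated shell script. The record fields, the INPUT chain and the function names are assumptions.

```python
import ipaddress
import shlex

# Hypothetical rule schema (not a UCS/UDM format): one dict per rule with
# the keys "source", "protocol", "port" and "target".
ALLOWED_PROTOCOLS = {"tcp", "udp"}
ALLOWED_TARGETS = {"ACCEPT", "DROP", "REJECT"}


def render_rule(rule):
    """Return one iptables command line for a validated rule dict.

    Raises ValueError if any field is not exactly what is expected, so a
    malformed directory value never reaches the script that runs as root.
    """
    # ip_network() rejects anything that is not a plain address or CIDR.
    source = ipaddress.ip_network(rule["source"], strict=False)
    if source.version != 4:
        raise ValueError("iptables handles IPv4 only: %s" % source)
    protocol = rule["protocol"].lower()
    if protocol not in ALLOWED_PROTOCOLS:
        raise ValueError("unsupported protocol: %r" % rule["protocol"])
    port = int(rule["port"])  # ValueError on trailing shell text
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    target = rule["target"].upper()
    if target not in ALLOWED_TARGETS:
        raise ValueError("unsupported target: %r" % rule["target"])
    # The INPUT chain is an assumption made for this example.
    args = ["iptables", "-A", "INPUT", "-s", str(source),
            "-p", protocol, "--dport", str(port), "-j", target]
    # Quoting is defence in depth; validated values contain no metacharacters.
    return " ".join(shlex.quote(arg) for arg in args)


def render_script(rules):
    """Return the full text of the generated rules file."""
    lines = ["#!/bin/sh", "# Generated from policy data; do not edit by hand."]
    lines.extend(render_rule(rule) for rule in rules)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample records, not taken from any real system.
    sample = [
        {"source": "192.0.2.0/24", "protocol": "tcp", "port": "22", "target": "accept"},
        {"source": "198.51.100.7", "protocol": "udp", "port": "53", "target": "DROP"},
    ]
    print(render_script(sample), end="")
```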