Flow rules for managed routes

Hi

I have a managed route configured and I am trying to implement flow rules.
No matter what I do, I get blocked unless I configure them to accept all.
My guess is that the accept action kind of breaks the "redirect" of the managed route.

What am I missing?

The managed route is 192.168.192.0/24

#
# Allow access to relevant servers and services
#
accept ipprotocol tcp ipdest 192.168.192.104/32 dport 81;
accept ipprotocol tcp ipdest 192.168.192.106/32 dport 8080-8086;
accept ipprotocol tcp ipdest 192.168.192.105/32 dport 5000 or dport 9000 or dport 9001;
# RDP is not an IP protocol name; it is TCP on port 3389
accept ipprotocol tcp ipdest 192.168.192.100/32 dport 3389;
#
# Drop All
#
drop;

Hey there. Flow rules aren't your standard stateful firewall. What your rules are telling the ZT network is that ONLY packets going to the hosts in your ruleset are allowed. What about the return packets FROM those servers/services? As your ruleset exists right now, those return packets are not allowed. That's why you're seeing traffic cut off.
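A reworked version of the poster's ruleset that lets return traffic through, added here as an example and not taken from the thread or from ZeroTier's own documentation. It assumes the ZeroTier Central rules language with the `chr tcp_syn` / `chr tcp_ack` characteristics, that matches are combined left to right with no grouping, and that RDP on 192.168.192.100 is TCP port 3389.

```text
#
# ARP is needed for IPv4 on the virtual Ethernet segment, so it must not
# fall through to the final drop. Drop any other non-IP frames.
#
drop
  not ethertype ipv4
  and not ethertype arp
  and not ethertype ipv6
;

#
# Rules are stateless: nothing tracks connections. Any TCP packet that is
# not a bare SYN is either a reply or part of an established connection,
# so accept it here and let the SYN rules below decide which connections
# may be opened at all.
#
accept ipprotocol tcp and not chr tcp_syn;
accept ipprotocol tcp and chr tcp_syn and chr tcp_ack;

#
# New TCP connections (SYN without ACK) only to the listed servers and
# services. Matches are evaluated left to right with no parentheses, so
# the OR'ed ports are listed before ipdest to keep the AND applied last.
#
accept ipprotocol tcp and ipdest 192.168.192.104/32 and dport 81;
accept ipprotocol tcp and ipdest 192.168.192.106/32 and dport 8080-8086;
accept dport 5000 or dport 9000 or dport 9001 and ipprotocol tcp and ipdest 192.168.192.105/32;
accept ipprotocol tcp and ipdest 192.168.192.100/32 and dport 3389;

#
# Everything else: SYNs to other hosts, UDP, ICMP.
#
drop;
```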

