stps2 Posted October 11, 2022 (edited)
Hi there
I've got the Keenetic 4G with the latest firmware.
I have enabled the firewall for the Home segment. The default rule is deny TCP/UDP.
DNS requests (UDP 53) are permitted. However, this is not working (timeout on nslookup from clients).
If I disable the Deny UDP rule, DNS requests are working.
What is wrong?
Edited October 11, 2022 by stps2

Le ecureuil Posted October 11, 2022
Please provide a self-test for investigation.

stps2 (Author) Posted October 11, 2022
Self-test results were attached, but rejected by the forum Administrator.

stps2 (Author) Posted October 11, 2022
Is there an alternative way to provide self-test results?

admin Posted October 11, 2022
44 minutes ago, stps2 said: "Self-test results were attached, but rejected by the forum Administrator."
Accepted. Your post is hidden just in case it contains sensitive information. Still visible to @Le ecureuil

stps2 (Author) Posted October 11, 2022
Also, I've figured out that if I create an upper rule like "Permit / UDP / Source IP: client IP / Source Port: Any / Destination IP: Any / Destination Port: Any", everything works.
So it is a bug that the rule mechanism does not take into account the destination IP address and port + Protocol, only the Protocol (in the case of UDP).
I've got an old deprecated model ZyXel / Keenetic Lite III with the same rule set, and it does not have this bug.
Can I contact the vendor support to fix this bug?

iCurious Posted September 17, 2023
I have a similar problem, but on a KN-3810. I want to block all UDP/TCP connections for a network segment and allow only specific hosts (sites). I made similar settings in the firewall settings of the network segment I need, and if I enable DenyAll UDP, DNS stops working for me even though there is an Allow UDP 53 rule. Are there any updates on this topic? Why doesn't it work?