Opened 11 months ago

Last modified 6 months ago

#542 assigned defect

Firewall Rule opens all TCP and UDP ports, it should only open the ports in use

Reported by: TommyTheKid
Owned by: mickem
Priority: 2
Milestone: future
Component: Core
Version: 0.3.9
Severity: Bugs
Keywords: firewall, security
Cc:

Description

It appears that by default the firewall rules that were inserted automatically by NSClient++ are very open. It opens ALL TCP and UDP ports. This is a security risk and as such, that feature should be disabled until it is fixed to at least only allow in the 3-ish default TCP ports, if not read the config file and allow in the specific ports that the NSC.ini needs.

Attachments (2)

NSClientUDPfwRule.png (17.7 KB) - added by TommyTheKid 11 months ago.
UDP Firewall Rule
NSClientTCPfwRule.png (17.9 KB) - added by TommyTheKid 11 months ago.
NSClient TCP Firewall Rule


Change History (4)

Changed 11 months ago by TommyTheKid

UDP Firewall Rule

Changed 11 months ago by TommyTheKid

NSClient TCP Firewall Rule

comment:1 Changed 11 months ago by mickem

  • Milestone set to 0.4.1
  • Owner changed from MickeM to mickem
  • Status changed from new to assigned

Makes sense I guess...
Perhaps I shall add a firewall exception to each server module so if you enable NRPE you get 5666 and if you enable NSCA (Server) you get 5667 and so on and so forth?

Michael Medin
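
Added example, not part of the ticket and not NSClient++ installer code: a PowerShell audit that lists enabled inbound allow rules for the agent binary with no local port restriction and, with `-Apply`, replaces them with one TCP rule per enabled module using the ports named in comment:1. The `*NSClient*` path pattern, the rule display names, and the assumption that the installer's rule is scoped to the agent executable are hypothetical; the NetSecurity cmdlets need Windows 8 / Server 2012 or later.

```powershell
# Added example; run from an elevated prompt. Without -Apply it only reports.
param(
    # Assumption: wildcard matching the agent binary's path; adjust to your install.
    [string]$ProgramPattern = '*NSClient*',
    # Module-to-port map taken from comment:1; extend it for other enabled listeners.
    [hashtable]$ModulePorts = @{ NRPE = 5666; NSCA = 5667 },
    [switch]$Apply
)

# Return enabled inbound allow rules bound to the agent binary whose
# local port filter is unrestricted ("Any"), i.e. the rule this ticket describes.
function Get-OverBroadRule {
    param([string]$Pattern)
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $app  = $_ | Get-NetFirewallApplicationFilter
            $port = $_ | Get-NetFirewallPortFilter
            if ($app.Program -like $Pattern -and $port.LocalPort -contains 'Any') {
                [pscustomobject]@{
                    Name        = $_.Name
                    DisplayName = $_.DisplayName
                    Protocol    = $port.Protocol
                    LocalPort   = $port.LocalPort
                    Program     = $app.Program
                }
            }
        }
}

$broad = @(Get-OverBroadRule -Pattern $ProgramPattern)
$broad | Format-Table -AutoSize

if ($Apply -and $broad.Count -gt 0) {
    # Reuse the program path from the first matching rule for the narrow rules.
    $program = $broad[0].Program
    foreach ($module in $ModulePorts.Keys) {
        $p = $ModulePorts[$module]
        New-NetFirewallRule -DisplayName "NSClient++ $module (TCP $p)" `
            -Direction Inbound -Action Allow -Protocol TCP `
            -LocalPort $p -Program $program | Out-Null
    }
    # Disable rather than delete the broad rules so the change is easy to roll back.
    $broad | ForEach-Object { Disable-NetFirewallRule -Name $_.Name }
}
```

Run it once without `-Apply` to review the matches, and trim `$ModulePorts` to the listeners actually enabled on the host before applying.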

comment:2 Changed 6 months ago by mickem

  • Milestone changed from 0.4.1 to future

Seems WiX (or possibly MSI) has issues with this, so moving this to future.
