From: Matthias Fischer
To: development@lists.ipfire.org
Subject: Re: Forcing all DNS traffic from the LAN to the firewall
Date: Sun, 15 Nov 2020 14:36:01 +0100
Message-ID: <0bf6771a-5d03-762a-9244-1567dd500754@ipfire.org>
In-Reply-To: <79177e1f-7be3-f088-2313-eff26c78a328@ipfire.org>

Hi,

On 13.11.2020 17:57, Matthias Fischer wrote:
> On 13.11.2020 15:23, Michael Tremer wrote:

[Slightly shortened, kept the relevant parts]

>> ...
>
>>> - Where (E.g: firewall init script, rules.pl, wirelessctrl.c, ...)
>>> should the necessary iptables rules be processed?
>>> [Some ideas how this could be done, but no "breakthrough". Current
>>> option-settings are processed in several scripts. Which one to use!?]
>>
>> This would probably go into /etc/init.d/firewall.

Sorry, but *which* line? I'm really not sure.

I suppose somewhere after line 179f which read:

...
iptables -t nat -N CUSTOMPREROUTING
iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
...

I don't want to mess things up - especially in *this* script!

We need an "if"-query to check for ON/OFF there, ok. But the more often I
read this script the less sure I am where this code can be inserted best.

Where? Hints?

Besides, deactivating these rules would need a complete reboot!? Or am I
overlooking something?

Because if this should be the case then on the firewall options page the
entries that require a restart should be *marked* to make things easier
and clearer. Otherwise you switch ON <-> OFF or vice versa without
*really* realising that your changes "need a reboot".

The notice "Some options need a reboot to take effect" is not
sufficiently meaningful. "Some options..."!? Which?

Best,
Matthias
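
An added example, not part of the original mail and not IPFire code: one common way to make an ON/OFF rule set switchable without a reboot is to give it its own nat chain, created once at boot, and to flush and refill that chain whenever the setting changes. The chain name DNS_REDIRECT, the on/off argument, and the interface names green0 and blue0 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints the iptables commands instead of running them,
# so it works offline and without root. Pipe the output to sh to apply.
# DNS_REDIRECT is a hypothetical chain name and the on/off argument is a
# hypothetical setting; neither is taken from the IPFire sources.

CHAIN="DNS_REDIRECT"

# One-time setup, emitted once at boot next to the other "-N" lines.
dns_redirect_init_cmds() {
    echo "iptables -t nat -N $CHAIN"
    echo "iptables -t nat -A PREROUTING -j $CHAIN"
}

# Reload: always flush the chain, then refill it only if the option is on.
# $1 = on|off, remaining arguments = LAN-side interfaces (assumed names).
dns_redirect_reload_cmds() {
    state="$1"; shift
    echo "iptables -t nat -F $CHAIN"
    [ "$state" = "on" ] || return 0
    for iface in "$@"; do
        for proto in udp tcp; do
            echo "iptables -t nat -A $CHAIN -i $iface -p $proto --dport 53 -j REDIRECT --to-ports 53"
        done
    done
}

# Demo with constructed input: boot, switch the option on, switch it off.
dns_redirect_init_cmds
dns_redirect_reload_cmds on green0 blue0
dns_redirect_reload_cmds off green0 blue0
```

Because the jump from PREROUTING stays in place and only the chain contents change, switching the option off leaves an empty chain that matches nothing.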