From: Bernhard Bitsch
To: development@lists.ipfire.org
Subject: Re: IPFire 2.27 - Core Update 160 released
Date: Wed, 06 Oct 2021 14:12:33 +0200
Message-ID: <73940019-1604-89d3-ec18-e1a0a9041fe3@ipfire.org>
In-Reply-To: <7605f0da8a920d67a569c9821d0a7c44@ipfire.org>

Hello,

On 06.10.2021 at 12:04, Daniel Weismüller wrote:
> Hello
> I have also had a look at this.
> There are now two Wiki pages on this topic.
> - A general one (https://wiki.ipfire.org/configuration/firewall/rules/redirect-services).
> - A very specific one for DNS redirect (https://wiki.ipfire.org/configuration/firewall/dns).
>

This is true, but the first page can't be found by a normal research in the wiki.

> Since core160 the general method works. This is equivalent to the method 1 described on the specific page.
>
> Following the general instructions, I have created a few firewall rules to redirect DNS, DoT and NTP.
> This works very well now.
>
> In general, I think that general instructions are always better than specific step-by-step instructions.
>

Agreed.

> In my eyes, the described method 2, which had to be taken as a temporary solution, is therefore obsolete. In addition, pure blocking can lead to some devices no longer working.
>

Having implemented the second method until now, I can see a difference.
Label 'DNAT' in the logging isn't nice. 'REDIRECT' would be more helpful.
If I define a rule for NTP, I get two log entries (one with 'DNAT', one with 'INPUTFW'). A similar rule for DNS produces one log message only.

- Bernhard

> Do you see it the same way?
>
>
> -
> Daniel
>
> 5 October 2021 22:10, "Bernhard Bitsch" wrote:
>
>> Hi all,
>>
>> Thanks.
>> So it was only a misunderstanding. I thought, there would be options to redirect DNS requests and NTP requests.
>> But this 'any port solution' is much mightier.
>> I'll try to convert my actual firewall.local solution to the main stream and report about the results.
>>
>> Regards,
>> Bernhard
>>
>> On 05.10.2021 at 18:28, Michael Tremer wrote:
>>
>>> Hello,
>>> Simply using -j REDIRECT.
>>> This was always part of the firewall engine, but the UI was broken and did not allow to create these rules.
>>> -Michael
>>> On 5 Oct 2021, at 14:55, Bernhard Bitsch wrote:
>>>> Just a question. How is the activation of redirection implemented?
>>>>
>>>> On 05.10.2021 at 12:45, IPFire Project wrote:
>>>
>>> there is a new post from Michael Tremer on the IPFire Blog:
>>> *IPFire 2.27 - Core Update 160 released*
>>> This is the release announcement for IPFire 2.27 - Core Update 160.
>>> It comes with a large number of bug fixes and package updates and
>>> prepares for removing Python 2 which has reached its end of life.
>>> The IPFire Project