Hi Alexander,
some questions, 
- What do you think about to handle also the INPUT chain over the forwarding-firewall ? So this makes it also possible to regulate the access to IPFire (services), and the "Forwarding Firewall" can be a complete VPN-firewall, or should only this be made over the firewall.local ? 

- What about the "Outgoing Firewall" ? Will there be also the possibility to handle the "IP groups" or "MAC groups" ?

- At this time i donīt understand why Mode 1 and Mode 2 are available in forwardfw.cgi. Cause if i add a "New rule", i have the possibilities over the "Rule action:" to choose "ACCEPT", "DROP" and "REJECT"  (<-- nice to have it also) so i can permit or prohibit in here. So we have Mode 1 and 2 together. Also it makes no difference if use Mode 1 or 2 causing the same GUI result.

- What do you think about to add a SNAT option  ?

- It could may a possibility to work with ":" or "," as a separator for "Use targetport" section, this makes it possible to add port groups (sequential ";" or concurrent "," in one rule) as in the "Outgoing firewall".

May a short docu handout might be great, so the documentation group have it easier to go for an appropriate wiki.

Sorry that i have no testing results at this time but i hope they will come soon ;-) .

As before i would like to say it looks like a very cool new feature for IPFire.

Greetings 

Erik

Am 09.12.2012 um 13:52 schrieb Alexander Marx:

Dear list!

Latest Bugfixes and nearly ready. Please take a look and try it out.

Files go to:

all from cgi-bin     /srv/web/ipfire/cgi-bin/
all from addon-lang  /var/ipfire/addon-lang/
all from menu.d      /var/ipfire/menu.d/
icmp-types goes                /var/ipfire/fwhosts/

Alex
<Firewall-09.12.2012.tar.gz>_______________________________________________
Development mailing list
Development@lists.ipfire.org
http://lists.ipfire.org/mailman/listinfo/development