Hi Alexander,some questions,
- What do you think about to handle also the INPUT chain over the forwarding-firewall ? So this makes it also possible to regulate the access to IPFire (services), and the "Forwarding Firewall" can be a complete VPN-firewall, or should only this be made over the firewall.local ?
- What about the "Outgoing Firewall" ? Will there be also the possibility to handle the "IP groups" or "MAC groups" ?
- At this time i donīt understand why Mode 1 and Mode 2 are available in forwardfw.cgi. Cause if i add a "New rule", i have the possibilities over the "Rule action:" to choose "ACCEPT", "DROP" and "REJECT" (<-- nice to have it also) so i can permit or prohibit in here. So we have Mode 1 and 2 together. Also it makes no difference if use Mode 1 or 2 causing the same GUI result.
- What do you think about to add a SNAT option ?
- It could may a possibility to work with ":" or "," as a separator for "Use targetport" section, this makes it possible to add port groups (sequential ";" or concurrent "," in one rule) as in the "Outgoing firewall".
May a short docu handout might be great, so the documentation group have it easier to go for an appropriate wiki.
Sorry that i have no testing results at this time but i hope they will come soon ;-) .
As before i would like to say it looks like a very cool new feature for IPFire.
Greetings
Erik
Am 09.12.2012 um 13:52 schrieb Alexander Marx:
Dear list!
Latest Bugfixes and nearly ready. Please take a look and try it
out.
Files go to:
all from cgi-bin
/srv/web/ipfire/cgi-bin/
all from addon-lang /var/ipfire/addon-lang/
all from menu.d /var/ipfire/menu.d/
icmp-types goes /var/ipfire/fwhosts/
Alex
<Firewall-09.12.2012.tar.gz>_______________________________________________
Development mailing list
Development@lists.ipfire.org
http://lists.ipfire.org/mailman/listinfo/development