Hi,
On 29 Dec 2020, at 12:19, Matthias Fischer matthias.fischer@ipfire.org wrote:
On 29.12.2020 11:22, Michael Tremer wrote:
Hi,
Hi,
On 28 Dec 2020, at 14:48, Matthias Fischer matthias.fischer@ipfire.org wrote:
I had these already used in my previous DNS/NTP-patch, that's why I missed them.
That’s what I thought.
;-)
But I do not understand how we can change the label on the button, because it does not restart the firewall and we unfortunately cannot do that here.
I wanted to keep the 'Save' button in case the user wants to make additional changes. After choosing 'Save' the usual errormessage/notice appears. But it should be clear that clicking 'Save' is NOT enough for the DNS/NTP changes to take effect. This could be adapted to read 'For changes to take effect you have to choose Save and Restart', e.g.
The problem with the DNS/NTP rules was that the usual error message leads to the firewall GUI, where clicking 'Apply changes' (only) triggers '/usr/local/bin/firewallctrl' which is not enough in this case. The DNS/NTP rules are not applied. Since they reside in '/etc/rc.d/init.d/firewall', the execution of '/etc/rc.d/init.d/firewall restart' is needed here.
So I added a *second* button ('Save and Restart') which triggers a *complete* re*start* of the firewall rules. And because of that I needed the new binary 'optionsfwctrl' which does the job.
As far as I can see, adding this 'Restart'-functionality avoids a (former needed) complete reboot if you changed some options on 'optionsfw.cgi'. Thats how I interpret the message 'Some options need a reboot to take effect'. Which options are these, anyway?
I hope I could make myself clear...?
Yes you did, but this still doesn’t work.
There are plenty of temporary rules that are being created and which simply will get lost after restarting the firewall. Mainly this affects IPsec, but also QoS.
So you will kill all IPsec tunnels unless those are being shut down and brought up again.
Also the command was not part of this patch, so the button does not do what it says it would be doing.
-Michael
This would probably be more confusing. Is your intention to have the firewall restart entirely at this point when the user clicks the button?
Yes - that is what must be done now by adding or deleting the DNS/NTP-rules.
Best, Matthias
-Michael
Now added for 'next' and the 'centered buttons' patch.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 2 files changed, 2 insertions(+)
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 87181c184..9d403b883 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1110,6 +1110,7 @@ 'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen', 'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen', 'fw settings ruletable' => 'Leere Regeltabellen anzeigen', +'fw settings save and restart' => 'Speichern und Neustart', 'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)', 'fwdfw DROP' => 'Verwerfen (DROP)', 'fwdfw MODE1' => 'Alle Pakete verwerfen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 625c6899f..476d3304c 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1136,6 +1136,7 @@ 'fw settings dropdown' => 'Show all networks on rulecreation site', 'fw settings remark' => 'Show remarks in ruletable', 'fw settings ruletable' => 'Show empty ruletables', +'fw settings save and restart' => 'Save and Restart', 'fwdfw ACCEPT' => 'ACCEPT', 'fwdfw DROP' => 'DROP', 'fwdfw MODE1' => 'Drop all packets', -- 2.18.0