Hello Alexander, some questions for installation. You wrote "and delete any old configuration from /var/ipfire/forward" but this directory does not exist. Until there i got an "Internal Server Error" for the forwardfw.cgi . May i have only overlooked your note in a previous mail. Anyway i integrated it with a mkdir /var/ipfire/forward && chown nobody.nobody /var/ipfire/forward and so i was able to access the forwardfw.cgi .
The rest of the files have the following permissions: In /srv/web/ipfire/cgi-bin : -rwxr-xr-x 1 root root 61612 2012-12-08 10:43 forwardfw.cgi -rwxr-xr-x 1 root root 72254 2012-12-08 10:44 fwhosts.cgi
in var/ipfire/addon-lang : -rw-r--r-- 1 root root 2143 2012-12-08 10:44 forwardfw.de.pl -rw-r--r-- 1 root root 2057 2012-12-08 10:44 forwardfw.en.pl -rw-r--r-- 1 root root 3756 2012-12-08 10:44 fwhosts.de.pl -rw-r--r-- 1 root root 3465 2012-12-08 10:44 fwhosts.en.pl
In /var/ipfire/mneu.d : -rw-r--r-- 1 nobody nobody 2099 2012-12-08 10:45 50-firewall.menu -rw-r--r-- 1 nobody nobody 933 2012-12-08 10:45 icmp-types
So if this are the right permissions this is may helpful for other testers, otherwise Alexander let it me know if they are wrong...
For the first fast overview i want to report somethings in fwhosts.cgi : In firewall groups - new - If i enter a valid MAC address i get an,
Software error: Bad arg length for Socket::inet_ntoa, length is 0, should be 4 at /var/ipfire/general-functions.pl line 313. For help, please send mail to the webmaster (root@localhost), giving this error message and the time and date of the error.
- So this was maybe your intend but i want to report it anyway, if i enter the whole green subnet in "firewall groups - new", i get the error message "This is the green subnet". But if i enter only a part of the green subnet e.g. with a /30 subnet it works. So i think this bug is a feature ;-) so it is possible that i can add additional parts of the "Standard Networks" in "Networks" to add them in the "custom groups". Nevertheless one problem exists in here, for this part of the green subnet, there is no thrash button in the "custom networks" entry, so i´m not able to delete it.
firewall groups - new --> in "Service" - The sidemenu is missing. - There is no "Add" or "Back" button. - There is no "ICMP type:" available. - Causing of the above problem, i was not able to test the "Service grouping".
In "Address grouping" - If i add an new OpenVPN client with a dynamic IP (an OpenVPN client) he does not appear in the "Address grouping" section under the flip menu. --> Have not test it yet with "IPSec networks/clients".....
- If i delete rules in the "custom groups:" section, i get an error message Reread rules here... what does that mean ?
A design thing: The first look on fwhosts.cgi can be a little hard to understand what functions are behind each button and which section is for what. What are you thinking about to explain with some very small introductions ? This can also be solved over the wiki, but i want to leave this comment as a suggestion.
So thats it for the first on "firewall groups - new"
-----------------------------------------------
The forwardfw.cgi
- There is no sidemenu or a save/back or cancel button available, so it is a little bit difficult to go for some more testing rounds. - In here i have also no ICMP infos in the ICMP type:" field. - The flip menu "Port(s) manual" contains TCP, UDP, GRE and ICMP. What do you thinking about to add ESP and also ALL (for no regimentation) ?
So let me say, Alexander for me your new work looks very promising, there is a lot of potential in it.
Greetings
Erik
Am 08.12.2012 um 07:58 schrieb Alexander Marx:
Dear List!
Attached you find the latest package for the new forward firewall and firewall-groups.
You can not damage anything, the modules just fill some txt-files.no real ruleprocessing now!
files go to:
all from cgi-bin /srv/web/ipfire/cgi-bin/ all from addon-lang /var/ipfire/addon-lang/ 50-firewall.menu goes to /var/ipfire/menu.d
icmp-types goes to /var/ipfire/fwhosts.
after that rebuild Languagefiles and delete any old configuration from /var/ipfire/forward and /var/ipfire/fwhost (Here do not delete icmp-types!)
Test it and give feedback.
Thank you
Alex <Firewall-08-12-2012.tar.gz>_______________________________________________ Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development