On 13.11.2012 18:55, Erik K. wrote:
Hello,
After I added a new directory named fwhosts to /var/ipfire/ with user permissions nobody.nobody 644, I copied the 50-firewall.menu into it (same permissions) and included the fwhosts.cgi in /srv/web/ipfire/cgi-bin with root.root 755. I copied the de.pl and en.pl to /var/ipfire/langs with root.root 644 and ran, as Daniel mentioned, perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" and so I was able to access the new fwhosts.cgi.
 
- I have now tried to apply a "New net"; after pressing the save button the WUI gives me a 0.0.0.0 IP address back, so it seems that there is no function at this time. Also, it seems like only DDN notation is possible; a try with CIDR gives me an "Invalid IP or subnet!" back.

- I can only switch back to the main menu by clicking the refresh button, because there is no button which makes it possible to get to the other menus "New host" or "New group".

- The "New host" section doesn't save my entries and returns a blank WUI; the customhosts WUI/file is empty too.

- I'm not sure how the fwhosts.cgi works. So you can define "New nets", "New hosts" and "New groups". So my thinking is that this defines the remote side. The local networks will be defined via "Standard networks", because I see green, orange etc. there, and also OpenVPN?
By the way, OpenVPN uses more than one tun interface for N2Ns and RWs, so if I use OpenVPN, do I control all OpenVPN connections with one rule (tun+)? Then the ccd file will lose its benefit.

- Where can I control the IPTable chains FORWARD, INPUT, ..., and the DROP or ACCEPT, REJECT, ...? Will there also be ports, protocols, logging or date options available in the future?

As you mentioned before, this is an early code version, so I think you are in the design process of finding a good structure and I won't expect too much, but at this time the overview isn't that intuitive and is also divided into a lot of different windows, so for me it is not really understandable at this time where to control what. It is also very different from the existing *fw.cgi's, which might be complicated for the users to understand.

Maybe it is an idea to write a small explanation of which pattern you imagine for the functionality of this FW mode, so it is not too hard to understand your intent.

But the general idea is very nice, I think.

Greetings


Erik

Hi!

The Firewall Group Extension is not a Firewall WUI! It is just another module that I need for developing the Firewall WUI. It is just a way to manage HOSTS and NETWORKS and put them together in GROUPS. That's all. (OK, not much sense in that at the moment, eh?)
I want to have something where I can say: host EDV-1 is 192.168.0.5. And later in the firewall WUI you can select "EDV-1" from a dropdown list as source or target. Also you can say: I have NETWORK PRINTERS which has 172.16.2.0/24, and later in the Firewall WUI you can select that net from a dropdown list as source or target. That is the purpose of the firewall groups.

I plan to have a table in the firewall WUI where all rules are listed. And when using these descriptive names, you can see more easily what the firewall does.
Example:

IFACE      SOURCE         LOG    IFACE      TARGET           REMARK
Any        EDV-1          no     ANY        PRINTERS         Edv-1 is allowed to print


is easier to read than this:


0.0.0.0    192.168.0.5    no     0.0.0.0    172.16.2.0/24    Edv-1 is allowed to print


I will develop the firewall WUI when the ccd extension and the firewall groups have found their way into the core.


I know that the WUI is not working at the moment; I am still working on it. Maybe I will send a new package tomorrow.

Hope this clarifies things a bit.

Thank you for testing!


Alex