Dear List,
Please take this version.
I gave you wrong information:
The directory needed must be /var/ipfire/fwhosts
Sorry ;-)
Hi Alex
I'll test it a bit but I have a little wish for the future.
Could you please include the information in which folder the files are which we have to replace with your files. It would be nearly perfect if you include the structure in your tar-file. ;-)
And if we have to do further things like (perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang") please tell us, too.
Thanks - Daniel
Am 12.11.2012 16:14, schrieb Alexander Marx:
Dear List,
Please take this version.
I gave you wrong information:
The directory needed must be /var/ipfire/fwhosts
Sorry ;-)
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
Hello, after i have added a new directory to /var/ipfire/ named fwhosts with user permissions nobody.nobody 644, i have copied the 50-firewall.menu into it (same permissions) and have included the fwhosts.cgi to /srv/web/ipfire/cgi-bin with root.root 755, i copied the de.pl and en.pl to /varipfire/langs with root.root 644 and made, as Daniel mentioned it, a "perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" and so i was able to access the new fwhosts.cgi .
- I have tried now to apply a "New net" after pressing the save button the WUI gives me an 0.0.0.0 IP address back, so it seems that there is no function at this time. Also it seems like there is only DDN notation possible, a try with CIDR gives me an Invalid IP or subnet! back.
- I can only switch back to the main menu by clicking the refresh button cause there is no button which makes it possible to get to the other menus "New host" or "New group".
- The "New host" section doesn´t save my entries, and returns a blank WUI also the customhosts WUI/file are empty too.
- I´am not sure how does the fwhosts.cgi works. So you can define "New nets", "New hosts" and "New groups". So my thinking is that this defines the remote side. The local networks will be defined over "Standard networks" cause i see there green, orange etc. and also OpenVPN ? By the way OpenVPN uses for N2N´s and RW´s more then one tun interface so if i use OpenVPN do i control all OpenVPN connections by one rule (tun+) ? So the ccd file will loose his benefit.
- Where can i control the IPTable chains FORWARD, INPUT, .... , and the DROP or ACCEPT, REJECT, ... ? Will there be also ports, protocols available or logging or date options for the future available ?
So you mentioned it before this is an early code version so i think you are in the design process to find a good structure and i won´t expect too much, but at this time the overview aren´t that intuitive and also divided in a lot of different windows which is for me at this time not really understandable where to control what. Also it is very different to the existing *fw.cgi´s which might be elaborate to understand for the users.
May it is an idea if you make a small explanation which pattern you imagine for the functionalities of this FW mode, so it is not too hard to understand your intend.
But the general idea is very nice i think.
Greetings
Erik
Am 13.11.2012 um 10:30 schrieb Daniel Weismüller:
Hi Alex
I'll test it a bit but I have a little wish for the future.
Could you please include the information in which folder the files are which we have to replace with your files. It would be nearly perfect if you include the structure in your tar-file. ;-)
And if we have to do further things like (perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang") please tell us, too.
Thanks
- Daniel
Am 12.11.2012 16:14, schrieb Alexander Marx:
Dear List,
Please take this version.
I gave you wrong information:
The directory needed must be /var/ipfire/fwhosts
Sorry ;-)
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
-- __________________________________________
You need a firewall? Easy to use? Powerful? Modular? For free?
www.ipfire.org An Open Source Firewall Solution _______________________________________________ Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
Am 13.11.2012 18:55, schrieb Erik K.:
Hello, after i have added a new directory to /var/ipfire/ named fwhosts with user permissions nobody.nobody 644, i have copied the 50-firewall.menu into it (same permissions) and have included the fwhosts.cgi to /srv/web/ipfire/cgi-bin with root.root 755, i copied the de.pl http://de.pl and en.pl http://en.pl to /varipfire/langs with root.root 644 and made, as Daniel mentioned it, a "perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" and so i was able to access the new fwhosts.cgi .
- I have tried now to apply a "New net" after pressing the save button
the WUI gives me an 0.0.0.0 IP address back, so it seems that there is no function at this time. Also it seems like there is only DDN notation possible, a try with CIDR gives me an Invalid IP or subnet! back.
- I can only switch back to the main menu by clicking the refresh
button cause there is no button which makes it possible to get to the other menus "New host" or "New group".
- The "New host" section doesn´t save my entries, and returns a blank
WUI also the customhosts WUI/file are empty too.
- I´am not sure how does the fwhosts.cgi works. So you can define "New
nets", "New hosts" and "New groups". So my thinking is that this defines the remote side. The local networks will be defined over "Standard networks" cause i see there green, orange etc. and also OpenVPN ? By the way OpenVPN uses for N2N´s and RW´s more then one tun interface so if i use OpenVPN do i control all OpenVPN connections by one rule (tun+) ? So the ccd file will loose his benefit.
- Where can i control the IPTable chains FORWARD, INPUT, .... , and
the DROP or ACCEPT, REJECT, ... ? Will there be also ports, protocols available or logging or date options for the future available ?
So you mentioned it before this is an early code version so i think you are in the design process to find a good structure and i won´t expect too much, but at this time the overview aren´t that intuitive and also divided in a lot of different windows which is for me at this time not really understandable where to control what. Also it is very different to the existing *fw.cgi´s which might be elaborate to understand for the users.
May it is an idea if you make a small explanation which pattern you imagine for the functionalities of this FW mode, so it is not too hard to understand your intend.
But the general idea is very nice i think.
Greetings
Erik
Hi!
The Firewall Group Extension is no Firewall WUI! It is just another module that i need for developing the Firewall WUI. It is just a possibility to manage HOSTS, NETWORKS and put them together in GROUPS. Thats all. (ok no much sense about that at the moment, eh?) I want to have something, where i can say: host EDV-1 is 192.168.0.5. And later in the firewall WUI you can select "EDV-1" from a dropdown list as source or target. Also you can say: I Have NETWORK PRINTERS which has 172.16.2.0/24 and later in the Firewall WUI you can select that net from a dropdownlost as source or target. That is the sense of the firewall Groups.
I plan to have a table in the firewall wui, where all Rules are listed. And when using these spelling names, you can easier see, what the firewall does. Example:
IFACE SOURCE LOG IFACE TARGET REMARK
Any EDV-1 no ANY PRINTERS Edv-1is allowed to print
is better to read than that:
0.0.0.0 192.168.0.5 no 0.0.0.0 172.16.2.0/24 Edv-1 is allowed to print
I will develop the firewall wui when the ccd extension and the firewall groups found their way into the core.
I know that the WUI is not working at the mom, i am still working on it. Maybe i will send a new package tomorrow.
Hope to clarify things a bit.
Thank you for testing!
Alex