On 09.06.2013 at 13:58, Thomas Berthel wrote:
I meant that in this section --> http://wiki.ipfire.org/de/optimization/vlan/start#iptables_uebersicht only spts: are to be seen, but no dpts:. In the rules you define "--dports 993,995,110,587,465", but they are listed as "spts:" (source ports). For example, I have in the iptables -L listing for Mail something like this: RETURN tcp -- 192.168.7.0/24 anywhere multiport dports imaps,urd,submission,pop3s,smtp TIME from 00:00:00 to 00:00:00 UTC, so the dports are specified. I can't find something like that in your iptables -L listing.
Ah. I'm using dport for a single port (dpts:52 for DNS) and multiport dports for more destination ports, is this not okay?
O.K., my bad, I have overlooked it.
So you have allowed only unprivileged ports as a source port, but isn't that the case per default anyway? Or do you regard this as a security method? So I am also not sure about this, but if you define only --dports, isn't the behavior with the source port the same anyway as when you define it?
Is this a default? Sorry, I don't know. Is that so wrong?
This was more a question than a statement ;-)
What rules do you use in Mode 1?
A lot of rules ;) I can't post it here... one snippet: DNS, Mail, Game-Ports, Whois, FTP, NTP and ssh for green, red and all interfaces.
But these rules are all doubled in my tables after the restart.
Maybe it is because you define them in firewall.local also? Did you try a complete reboot?
Another problem is that when I re-upload my FW it is usually mode 0, although the WUI shows me mode 1.
This is really strange, I have no clue why this happens.
All my manually specified ports are no longer seen in the tables, only when I reboot the FW.
I have had the same issue since I was working a little bit with firewall.local. After modifications of firewall.local and stop|start|restart|reload tests, the iptables -L listing sometimes shows me nothing in the CUSTOM chains. It seems that the best way is to reboot IPFire. It is important to test this behavior with the new Firewall. I think in Core 69 (test image) the new FW is already implemented.
Ahh O.K., but is it possible to arrange rules for the VLAN interfaces over the WUI (e.g. DMZ pinholes, etc.)? So maybe it is less complicated (especially for the explanations in the wiki) if all the rules which can be arranged over the WUI will be set in that way? Might be nice if you can give it a try. So also if the outgoing FW will be configured, I think the CUSTOMFORWARD rules are defined then in the FORWARD and OUTPUT chains.
I just tested it on the WUI and FW mode 1 does not apply the rules. It seems as if for wireless (blue) the rules come from a different direction no matter what is stored in the WUI.
Which rules did you try to edit?
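As an added example that is not part of this thread or of IPFire itself, a small Python checker over a constructed `iptables -L CUSTOMFORWARD -n` listing: it parses the rule lines, reports rules that appear twice (the doubling after restart discussed above) and rules that carry only `spts:` with no `dpt:`/`dpts:`/`dports` (so they match every destination port). The listing, addresses and port values are constructed sample data, not a capture from the setup discussed.

```python
import re
from collections import Counter

# Constructed sample of "iptables -L CUSTOMFORWARD -n" output; not a real capture.
SAMPLE_LISTING = """\
Chain CUSTOMFORWARD (1 references)
target     prot opt source               destination
RETURN     tcp  --  192.168.7.0/24       0.0.0.0/0            multiport dports 993,995,110,587,465
RETURN     tcp  --  192.168.7.0/24       0.0.0.0/0            multiport dports 993,995,110,587,465
RETURN     udp  --  192.168.7.0/24       0.0.0.0/0            udp spts:1024:65535
RETURN     udp  --  192.168.7.0/24       0.0.0.0/0            udp spts:1024:65535 dpt:53
"""

def parse_rules(listing):
    """Return one (target, proto, src, dst, match_text) tuple per rule line,
    skipping the chain header and the column header."""
    rules = []
    for line in listing.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5 or parts[0] in ("Chain", "target"):
            continue
        target, proto, _opt, src, dst = parts[:5]
        match_text = parts[5].strip() if len(parts) > 5 else ""
        rules.append((target, proto, src, dst, match_text))
    return rules

def find_duplicates(rules):
    """Rules present more than once, e.g. re-added by firewall.local on every reload."""
    return [rule for rule, count in Counter(rules).items() if count > 1]

def rules_without_dports(rules):
    """Rules whose match text names no destination port (dpt:, dpts: or dports);
    a source-port-only rule like 'spts:1024:65535' matches any destination port."""
    has_dport = re.compile(r"\bdpts?:|\bdports\b")
    return [rule for rule in rules if not has_dport.search(rule[4])]

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_LISTING)
    for rule in find_duplicates(parsed):
        print("duplicate rule:", " ".join(rule))
    for rule in rules_without_dports(parsed):
        print("no destination port:", " ".join(rule))
```

Feeding it real output (`iptables -L CUSTOMFORWARD -n`) instead of the constructed string gives a quick check after each firewall.local reload whether the chain is empty, doubled, or missing its dports.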
Documentation mailing list Documentation@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/documentation