Author Topic: Enable/Disable/Edit Firewall Ports Feature Request  (Read 9428 times)

huh

Enable/Disable/Edit Firewall Ports Feature Request
« on: March 15, 2013, 12:54:35 am »
Putting in a feature request to add "Edit" and "Disable" buttons to each line in Advanced->Firewall. 

Right now you can add the address to forward the ports, but to disable those (even temporarily) you need to delete the line.  Also, if you choose to change the address where a port is being forwarded, currently you must delete the existing and recreate the rule.  An edit option that made the cells editable and a radio button to reflect the enabled rules would be very helpful- similar to what's found on a typical residential router.

huh

Re: Enable/Disable/Edit Firewall Ports Feature Request
« Reply #1 on: May 11, 2014, 01:07:33 am »
The new firewall page is cool- takes care of the things I asked for above. 

That said, how do you use it?  I have a fully updated 1204 system and went to add a new rule.  Selected IPv4 from the dropdown and entered the port I wanted forwarded- all good.  But, the boxes for entering the destination port and ip are not options to type into on Firefox 28.0 (kubuntu box) or rekonq (0.9.1)- I haven't tried other browsers.  Even adding the rule and clicking edit doesn't let you modify the forward to port or the destination IP.

huh

Re: Enable/Disable/Edit Firewall Ports Feature Request
« Reply #2 on: May 29, 2014, 03:07:57 am »
Alblasco1702- going to try to catch you here rather than IRC as I think we're in vastly different timezones and I'm not sure if my client timed out before you finished your instructions.

What I saw you wrote was to use nat prerouting destination port.  So to forward incoming port 8090 to 80 on 192.168.80.2, I would do:
Quote
destinationport 8090:80 destination 192.168.80.2 ACCEPT

And then
Quote
forward destinationport 80 destinationip 192.168.80.2 ACCEPT

I'm guessing this all has to be done using the Advanced Firewall Settings option from the web admin.  Is the 1st part using eth1 (external nic) and the 2nd part using eth0 (external nic)?

Do you have plans of adding the ability to do this to the "simple" firewall version?

Alblasco1702

Re: Enable/Disable/Edit Firewall Ports Feature Request
« Reply #3 on: May 29, 2014, 12:38:33 pm »
I have worked on the options on the Firewall to edit rules and to disable/enable rules;
at the moment edit is not working and is therefore in development.
If the checkbox before the rule is checked, the rule becomes red in the rules list; this means the rule is disabled/suspended.
When you check or uncheck the checkbox, the page is automatically reloaded and the change is made to the rule set.
When the checkbox before the rule is not checked, the rule is active again.
There are some rules on the firewall that are automatically enabled/disabled, like the rules for VPN clients.
When a client is not connected the rule is automatically disabled; when the client is active the rule becomes active only if the checkbox before the rule is not checked. These rules have another active/disabled administrative setting for the system only; this can't be set by a person.
For now I found a bug for forward in combination with nat-prerouting,
and for now 2 rules need to be set with nat-prerouting: one for nat-prerouting,
and one for INPUT or FORWARD. I'm working on a fix that sets those rules automatically when nat-prerouting is selected.
When the firewall is ready there will be a wiki page for the firewall which explains it.
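
The two-rule requirement discussed in the posts above (one nat-prerouting rule plus one FORWARD rule), written as plain iptables commands rather than the web admin's form fields. This is an added example, not code from the thread or from the project; it assumes eth1 is the external interface and TCP only, and the function names are hypothetical. The script only prints the rules, it does not apply them.

```shell
#!/bin/sh
# Added example: print (not apply) the rule pair a DNAT port forward needs.
# Assumptions: eth1 is the external NIC, TCP only; function names are hypothetical.

valid_port() {
    # Digits only, in the range 1-65535.
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Four dot-separated decimal octets, each 0-255.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

port_forward_rules() {
    ext_if=$1 ext_port=$2 dst_ip=$3 dst_port=$4
    # Reject anything that is not a plain interface name before it is
    # interpolated into a command line.
    case "$ext_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface" >&2; return 1 ;;
    esac
    valid_port "$ext_port" && valid_port "$dst_port" && valid_ipv4 "$dst_ip" || {
        echo "invalid port or address" >&2
        return 1
    }
    # Rule 1: rewrite the destination before routing (nat table, PREROUTING).
    echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $ext_port -j DNAT --to-destination $dst_ip:$dst_port"
    # Rule 2: let the translated packet through the filter table. FORWARD sees
    # the packet after DNAT, so it matches the internal IP and port (80),
    # not the external port (8090).
    echo "iptables -A FORWARD -i $ext_if -p tcp -d $dst_ip --dport $dst_port -j ACCEPT"
}

# The case from the thread: external port 8090 to port 80 on 192.168.80.2.
port_forward_rules eth1 8090 192.168.80.2 80
```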

huh

Re: Enable/Disable/Edit Firewall Ports Feature Request
« Reply #4 on: May 30, 2014, 01:43:45 am »
Cool, I think that was a yes to my question regarding the input/forward.  Look forward to testing once you get it patched.

huh

Re: Enable/Disable/Edit Firewall Ports Feature Request
« Reply #5 on: July 20, 2014, 04:40:34 am »
OK- recent revisions to the firewall go a long way to getting this accomplished, but I've seen a few bugs:

1) If you use the simple (as compared with "Advanced Firewall Settings") configuration and edit a rule, the "save" text is not clickable, so there is no way to save the changes.
2) If you add a forward rule that applies to TCP and UDP, whatever you put in the "Description" box is saved into the "Limit to IP" box.
3) There isn't an option to type in the source port- in its place is a dropdown for the protocol.  What you type in for the destination port gets entered as the source port when saved.


Anyone else experience this?

12.04, updated tonight (July 19).
« Last Edit: July 20, 2014, 04:44:37 am by huh »