Allow runtime determination of eth0 ip, net

Jon Ringle
2010-07-14
2013-03-05
  • Jon Ringle
    2010-07-14

    Hi,

    I believe this will be a feature request, since I don't think there is a way to currently do this with fwbuilder:

    I'd like to create a generic firewall that doesn't have a hardcoded IP address and network for eth0 (inside) interface. An eth0 interface with static IP address and network can be learned at runtime when the firewall script is started. This would allow an administrator to change the static IP and network for eth0 without needing to re-generate a tailored firewall script just because eth0 changed.

    Thanks,
    Jon

     
  • Jon Ringle
    2010-07-14

    I started with the OpenWRT firewall template, and I changed eth0 to be dynamic and deleted the static IP address that was created by the template. However, the template has rules that refer to "Firewall:eth0:net", and I can't find this in the tree view (although I can double-click on the element in the rule). When I edit this, it has the hardcoded network for eth0 that I want calculated at runtime.

     
  • Vadim Kurland
    2010-07-14

    That template has dynamic interface eth1. Do you want both interfaces to be dynamic?

    I do not see any rules in this template that refer to the IP address of eth0. What rule is that in your case?

    What happens when you double-click on this object in the rule? It should locate it in the tree and open it in the editor. Maybe you are looking at the rules of another firewall object?

     
  • Jon Ringle
    2010-07-14

    eth1 is truly dynamic, and eth0 I want to be dynamic only because I want the firewall script to calculate the ip and network of eth0 at runtime (but eth0 on the router is really static).

    The template does not refer to the ip address of eth0, it refers to the network of eth0 (Firewall:eth0:net), and double-clicking on the element in the rule allows you to edit it to change the hardcoded network address and netmask, but it does NOT find it in the tree.

     
  • Vadim Kurland
    2010-07-14

    I know what is going on. Object Firewall:eth0:net has been created because you've changed the address of the interface eth0 when you created the firewall object. This object has been added to the tree, but the program did not refresh the tree, so you can't see it there. This is a known bug; it will be fixed soon.

    The generated script can learn the actual address of a dynamic interface but not the address of the attached network. Please open a feature request.
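
The runtime calculation requested in this thread, sketched as an added example (not part of the thread and not code that fwbuilder generates): POSIX shell helpers that derive the network of eth0 from its address and prefix length. All function names are hypothetical, the sample line is constructed, and an iproute2-style `ip` command is assumed on the router.

```shell
#!/bin/sh
# Constructed sample of one line of `ip -o -4 addr show dev eth0` output.
SAMPLE='2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0'

# A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the ADDR/PREFIX token that follows "inet" in one output line.
addr_cidr_from_line() {
    set -- $1
    while [ $# -gt 1 ]; do
        if [ "$1" = inet ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# ADDR/PREFIX -> NETWORK/PREFIX. Rejects anything that is not a dotted
# quad with a numeric prefix, so a malformed value never reaches a rule.
network_of() {
    addr=${1%/*}; prefix=${1#*/}
    case $addr in ''|*[!0-9.]*) return 1;; esac
    case $prefix in ''|*[!0-9]*) return 1;; esac
    [ "$prefix" -le 32 ] || return 1
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    fi
    echo "$(int_to_ip $(( $(ip_to_int "$addr") & mask )))/$prefix"
}

# On the router the input would come from the live interface instead:
#   line=$(ip -o -4 addr show dev eth0)
eth0_net=$(network_of "$(addr_cidr_from_line "$SAMPLE")")
echo "eth0 network: $eth0_net"
```
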