Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo
I want to upgrade my fwbuilder from v3 to v5.
When I import the fwb file, v5 tell me about there are rules that overwrite other rules (global vs iface specific rules). So I have to disable that specific rules. I don't know if it is possible to config v5 to ignore that overwriten rules.
The problem is that when I install the imported fwb file in fw, the behaviour is different to the original fwb file. It drops some ICMP packets (no rule with ICMP protocol was disabled) and some other frames which are allowed in the original fwb.
Do you have any hint ? Maybe I need to replicate my fw and play … but it has ~ 14 ifaces :-(, a lot of work to simulate our networks …
Thank you very much
I am not sure what is going on here. What was the error you've got about rules that overwrite other rules ?
Hello, there is the messages error:
FWGest:Policy:13: error: Rule '13 (global)' shadows rule '29 (eth4)' below it
FWGest:Policy:38: error: Rule '38 (global)' shadows rule '40 (eth4)' below it
FWGest:Policy:37: error: Rule '37 (global)' shadows rule '41 (eth4)' below it
FWGest:Policy:4: error: Rule '4 (global)' shadows rule '68 (eth17)' below it
FWGest:Policy:8: error: Rule '8 (global)' shadows rule '90 (eth17)' below it
All warnings are ok for me ( I understand firewall will work idem), but rule 41 have a item that I don't understand how it can be a destination (the own firewall, but it own ip is inside the network allowed) .
I'm attaching a picture with rule 41.
If you need that I attach both (v3 and v4 scripts generated), please tell me
Thank you very much
PD: (Oh, I cannot attach an image, the destination in rule 41 have a network and the same firewall object)
sounds like either you have to fix rules that shadow each other, or you can turn the function that detects rule shadowing off. You can turn it on and off in the firewall object "advanced" settings dialog.
Thank you vkurland.
I will try disable detecting rule shadow … (I made a quick search in internet about, but I guess I didn't use the correct words ;) )
It is a production firewall, but I will try to deactivate one by one rule, to debug the issue.
Thank you very much!