it should be possible to define some parts of the rule
by hand. for example to define things like "-m owner
--uid 1234" for the iptables output.
Logged In: YES
user_id=6825
this is already possible via Custom Service objects.
Logged In: YES
user_id=24048
not completely. if i add a custom service, the ipt compiler
doesn't append the rules to the rest of the output. i get
the following:
$IPTABLES -A OUTPUT -o ppp0 -p tcp -m multiport --destination-ports 80,443 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o ppp0 -m owner --uid-owner 13 -m state --state NEW -j ACCEPT
not the desired one:
$IPTABLES -A OUTPUT -o ppp0 -p tcp -m multiport --destination-ports 80,443 -m owner --uid-owner 13 -m state --state NEW -j ACCEPT
Logged In: YES
user_id=6825
I guess you can make --destination-ports 80,443 a part of
the same custom service.
In order for me to implement matching on the UID, I need to
create a new type of object and add support for it to all
policy compilers. This can be done, but it is going to take
a lot of work. I am converting this report to a feature request.
Logged In: YES
user_id=24048
no, i want support to append a user specified string to a
rule, which is not always a uid match. it may be a match with
any other possible iptables modules.
Logged In: YES
user_id=6825
this would not fit well with Firewall Builder's object
oriented model
Logged In: YES
user_id=24048
hmm, will it fit into it if you add a new type of objects
for such rules strips?
Logged In: YES
user_id=6825
yes, I think that would be the right way. Also, since
fwbuilder is not just a GUI for iptables, I need to find
equivalents for these commands or options in other firewall
platforms. I can always mark them as "unsupported" on
ipfilter, pf etc., but ideally I'd like to implement
features that can be used universally, not something very
specific to iptables.
Logged In: YES
user_id=24048
iptables is the most customisable one of the supported
backends. but any other supports things which aren't supported
by fwbuilder. so it may be useful for these backends.
Logged In: YES
user_id=6825
matching owner's user id is supported in iptables, PF and
ipfw, so things are not so bad. This in fact is on my TODO
list so I want it to be on the record with this Feature Request
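
The gap between the compiled output and the desired rule quoted earlier in this thread, modelled as an added example (not part of the tracker discussion and not Firewall Builder code): a small Python evaluator that applies both rule sets to a few packets. The DROP chain policy, the sample packets and all function names are assumptions made for the illustration.

```python
import shlex

# Rule text is taken from the thread; "$IPTABLES" is dropped.
COMPILED = [  # what the ipt compiler emitted: two independent rules
    "-A OUTPUT -o ppp0 -p tcp -m multiport --destination-ports 80,443 "
    "-m state --state NEW -j ACCEPT",
    "-A OUTPUT -o ppp0 -m owner --uid-owner 13 -m state --state NEW -j ACCEPT",
]
DESIRED = [  # what the reporter wanted: one rule carrying both matches
    "-A OUTPUT -o ppp0 -p tcp -m multiport --destination-ports 80,443 "
    "-m owner --uid-owner 13 -m state --state NEW -j ACCEPT",
]

def parse(rule):
    """Map option -> argument. Every option in these rules takes exactly one
    argument; '-m <module>' only loads a module and adds no condition."""
    tok = shlex.split(rule)
    return {opt: arg for opt, arg in zip(tok[0::2], tok[1::2]) if opt != "-m"}

def matches(opts, pkt):
    """Every condition inside one rule must hold (logical AND)."""
    checks = {
        "-o": lambda v: pkt["out_if"] == v,
        "-p": lambda v: pkt["proto"] == v,
        "--destination-ports": lambda v: str(pkt["dport"]) in v.split(","),
        "--uid-owner": lambda v: pkt["uid"] == int(v),
        "--state": lambda v: pkt["state"] in v.split(","),
    }
    return all(checks[k](v) for k, v in opts.items() if k in checks)

def verdict(rules, pkt, policy="DROP"):
    """First matching rule decides, so separate rules behave as a logical OR."""
    for opts in map(parse, rules):
        if matches(opts, pkt):
            return opts["-j"]
    return policy  # assumed chain policy; the thread does not state it

SAMPLES = [(13, 443), (1000, 80), (13, 25), (1000, 25)]  # constructed (uid, dport)

def compare():
    """Return (uid, dport, compiled verdict, desired verdict) per sample."""
    out = []
    for uid, dport in SAMPLES:
        pkt = {"out_if": "ppp0", "proto": "tcp", "dport": dport,
               "uid": uid, "state": "NEW"}
        out.append((uid, dport, verdict(COMPILED, pkt), verdict(DESIRED, pkt)))
    return out

if __name__ == "__main__":
    for row in compare():
        print("uid=%-5d dport=%-4d compiled=%-6s desired=%s" % row)
```

Under these assumptions the two-rule output also accepts uid 1000 to port 80 and uid 13 to port 25, both of which the single combined rule leaves to the chain policy.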