-
cool, no problem at all. Glad it works for you.
2009-11-14 20:18:41 UTC by vkurland
-
My bad, I'm still learning iptables, and fwbuilder (it's really quite a nice tool, once you get the right ideas into your head). I can see now that I misunderstood (on both 2.X and 3.X versions of fwbuidler). There's no bug here, just another user goof. Sorry.
2009-11-14 19:39:48 UTC by eclectic923
-
Hold on. Look at the commands generated for the guest_list rule set (I copy these from your original report):
1) $IPTABLES -N guest_list_0
2) $IPTABLES -A guest_list -s 10.168.227.232/29 -j guest_list_0 #
The second command is in the guest_list chain as you requested. "guest_list_0" is just another chain used for logging. You application can add new addresses to the guest_list ch.
2009-11-14 15:27:35 UTC by vkurland
-
please attach .fwb data file that illustrates the problem.
2009-11-14 02:28:03 UTC by vkurland
-
Both fwbuilder 2.X and 3.X (including 3.07) have the same bug (though
the naming conventions vary). When one creates a new chain, the chain
doesn't get the name supplied by the user.
This is a big deal! I have an external access granting web app that
adds/deletes rules from the 'guest_list' chain to enable/disable router
access for guest systems (wireless laptops). If the chain name was...
2009-11-14 02:13:08 UTC by eclectic923
-
Closing, please reopen if the problem persists or I misunderstood.
2009-11-13 15:35:35 UTC by vkurland
-
I can see this to be an inconvenience, but this is not a bug, this is by design.
NAT rules do not have special column for the interface so to get "-o interface" parameter the program needs to get it from somewhere. If the interface object or its address is used in TSrc, it adds "-o interface" because it can associate this address with interface. If you explicitly do not want to have "-o...
2009-11-10 13:57:02 UTC by vkurland
-
The problem with the stand-alone address is that it does not reflect how the firewall is configured. That's how I stumbled on this bug: I wanted to update fwbuilder's view to match the real network configuration of the firewall.
2009-11-10 13:51:19 UTC by gombasg
-
Sorry, I did not notice that this is what you did exactly in the first try. That is the recommended way of doing it. It works as it is supposed to.
2009-11-10 13:35:17 UTC by vkurland
-
Try creating a separate standalone address object with address 192.168.1.1 (in addition or instead of adding this address to br0) and then use it in Translated Source. See what you get then.
2009-11-10 13:34:12 UTC by vkurland
