- assigned_to: nobody --> frigido
wish list (cntd.):
1) It would be nice to allow the configuration (maybe with
a notice "for advanced users") of the relevant
/proc/sys/net/ variables from within the webmin turtle
interface (as is already done for rp_filters,
log_martians, ...) and have the FW configure them
independently from /etc/sysctl.conf. But turtle should
also restore the old config when the FW is stopped.
I am thinking particularly of
/proc/sys/net/ipv4/icmp_echo_ignore_all, which
seems to be set by turtle (without notice) and never
restored when turtle is stopped.
Other variables:
-icmp_ratelimit
-ip_conntrack_max (i.e. higher when lots of
redirects/second are expected...)
-conf/eth*/accept_redirects
-conf/eth* (per interface config)
-...
2) There is a button to apply (save & restart) the rules, but
wouldn't it be nicer to have 6 different buttons from within
the turtle service?
- save or generate (without applying, so that we can
check manually the generated ipt rules),
- start FW,
- stop FW,
- install service (start at boot)
- remove service (kill at boot)
It would avoid the need to swap between the turtle
and the Bootup & Shutdown sections, and it would also
avoid the surprise of an unreachable machine when
playing for the first time ;o)..
3) Log rate limiting (cntd.): it would be nice to have
different log rates, or no rate, or no log, depending on the
chain (i.e. INPUT<FORWARD)
-
(great job anyway as for the whole webmin community)
-jm-
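
The save-and-restore behaviour requested in item 1, sketched as an added example that is not part of the original post and is not turtle's own code. The variable names SYSCTL_ROOT and STATE_FILE and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: snapshot selected /proc/sys/net values before a firewall
# start script overrides them, and write them back on stop.
# SYSCTL_ROOT and STATE_FILE are hypothetical names; pointing SYSCTL_ROOT at
# a scratch directory lets the logic be exercised without root.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys/net}"
STATE_FILE="${STATE_FILE:-/var/run/fw-sysctl.saved}"

# fw_sysctl_apply KEY=VALUE...   (KEY is a path relative to SYSCTL_ROOT)
fw_sysctl_apply() {
    touch "$STATE_FILE"
    for _pair in "$@"; do
        _key=${_pair%%=*}
        _val=${_pair#*=}
        _path="$SYSCTL_ROOT/$_key"
        if [ ! -w "$_path" ]; then
            echo "skip $_key: not present or not writable" >&2
            continue
        fi
        # Record the original only once per key, so a second "start"
        # without a "stop" cannot replace it with a firewall-set value.
        if ! awk -F= -v k="$_key" '$1 == k { found = 1 } END { exit !found }' "$STATE_FILE"; then
            printf '%s=%s\n' "$_key" "$(cat "$_path")" >> "$STATE_FILE"
        fi
        printf '%s\n' "$_val" > "$_path"
    done
}

# fw_sysctl_restore: write back every saved value, then drop the snapshot.
fw_sysctl_restore() {
    [ -e "$STATE_FILE" ] || return 0
    while IFS='=' read -r _key _val; do
        [ -n "$_key" ] || continue
        printf '%s\n' "$_val" > "$SYSCTL_ROOT/$_key"
    done < "$STATE_FILE"
    rm -f "$STATE_FILE"
}
```

A start script would call `fw_sysctl_apply ipv4/icmp_echo_ignore_all=1 ipv4/icmp_ratelimit=250` (constructed values) before loading rules, and the stop script would call `fw_sysctl_restore` after flushing them.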