Enhancement #2281

Reuse firewall rules on custom zones

Added by Davide Principi almost 8 years ago. Updated over 7 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-firewall-base
Target version: v6.5
Resolution: REJECTED
NEEDINFO: No

Description

The same set of firewall rules must be applied to different connections between zones. By default, we have loc (green/eth0) and net (red/eth1) zones with two different sets of rules (i.e. access=public/private) for the traffic directed to the firewall zone.

After VPNs are installed, the lvpn (ppp+) zone is also defined, and the public or private rule set must be applied to the traffic from lvpn to the firewall.

Shorewall provides some nice features to implement "rule reusability":

See also shorewall-policy about how to call actions and macros.


Related issues

Related to NethServer 6 - Feature #1957: VPN: support IPsec/L2TP CLOSED 09/17/2013 09/20/2013

History

#1 Updated by Giacomo Sanchietti almost 8 years ago

  • Target version set to v6.5-beta3

#2 Updated by Davide Principi over 7 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#3 Updated by Giacomo Sanchietti over 7 years ago

  • Target version changed from v6.5-beta3 to ~FUTURE

#4 Updated by Giacomo Sanchietti over 7 years ago

  • Target version changed from ~FUTURE to v6.5

#5 Updated by Giacomo Sanchietti over 7 years ago

  • Status changed from TRIAGED to CLOSED
  • % Done changed from 20 to 100
  • Resolution set to WORKSFORME

The template system should offer enough expressiveness to write rules for multiple zones (including VPN).

Re-open the issue if a more practical example shouldn't be achieved without using macros.

#6 Updated by Giacomo Sanchietti over 7 years ago

  • Resolution changed from WORKSFORME to REJECTED
