Enhancement #2774
Firewall: support objects on port forward and traffic shaping rules
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-firewall-base | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
Actual implementation of firewall port forward and traffic shaping do not support firewall objects.
New implementation must:- allow use of firewall objects (see: #2716)
- use name of properties with first letter uppercase
- migrate old implementation to the new one
Related issues
Associated revisions
Update rules, tcinterfaces, tcpri templates. Refs #2774
Use firewall objects on portforward and handle port ranges
Use firewall objects on traffic shaping
Use props with first letter capitalized
Web UI: update interface for new behavior. Refs #2774
Web UI: add external IP in port forward. Refs #2774"
Policy template: skip aliases. Refs #2774
Web UI: removed 'Check firewall' button. Refs #2774
System validator: add firewall-objects-exists validator. Refs #2774
Fixes Proto parameter renaming on commit:a63d205e. Refs #2774
Pick object on PortForward and TrafficShaping modules. Refs #2774
PortForward, TrafficShaping. Use firewall-object-exists platform validator. Refs #2774
PickObject: use search result localized title. Refs #2774
PickObject: restricted search results based on caller module. Refs #2774
Help {en,it}: fixed formatting, updated contents for PickObject fields. Refs #2774
PortForward: fix Destionation host visualization, on opening. Refs #2774
PickObject: select host, remote, local record types in TrafficShaping and PortForward modules. Refs #2774
PickObject: translate fw objects titles. Refs #2774
FirewallRules, TrafficShaping, PortForward pages: use translate() to print firewall object titles. Refs #2774
PortForward, TrafficShaping UI modules: detached firewall-adjust task. Refs #2774
PortForward, TrafficShaping: removed unused fw objects types from PickObject. Refs #2774
Release 2.0.0-2
Migration fragment 000_capitalize_props for portforward DB. Refs #2774
See commit:34e3ed10 "Use props with first letter capitalized"
History
#1 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from NEW to TRIAGED
- Target version set to v6.5
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti about 7 years ago
- Subject changed from Firewall: support objects on on port foward and traffic shaping rules to Firewall: support objects on port foward and traffic shaping rules
#3 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#4 Updated by Giacomo Sanchietti about 7 years ago
- Assignee deleted (
Giacomo Sanchietti)
- Port forwarding:
- Support for empty destination port
- Port range
- Multiple protocol
- Host object
- Capitalized properties
- Removed "Check firewall" action
- Port forwarding:
- Capitalized properties
- Host object in rules based on source ip
- Removed support for mac-based rules
- integration of firewall objects picker into the web interface
#5 Updated by Giacomo Sanchietti about 7 years ago
- Related to Enhancement #2762: Cannot create a port forward rule with a range of ports added
#6 Updated by Giacomo Sanchietti about 7 years ago
- Subject changed from Firewall: support objects on port foward and traffic shaping rules to Firewall: support objects on port forward and traffic shaping rules
#7 Updated by Davide Principi about 7 years ago
- Assignee set to Davide Principi
#8 Updated by Davide Principi about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
- NEEDINFO changed from No to Yes
Added the firewall object select/create workflow to PortForward/Modify and TrafficShaping/Ip/Modify controllers.
Test case 1
When editing/creating a PortForward:- select existing firewall object as Destination host
- check new firewall object creation wokflow
The form state must be consistent on any possible workflow path.
Test case 2
When creating a TrafficShaping rule:- select existing firewall object as Source host
- check new firewall object creation wokflow
The form state must be consistent on any possible workflow path.
TODO
- PortForward
host
- TrafficShaping
zone
host
andhost-group
(?)
#9 Updated by Davide Principi about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-firewall-base-1.1.0-75.0gitf2bd959f.ns6.noarch.rpm
#10 Updated by Davide Principi about 7 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
- NEEDINFO changed from Yes to No
#11 Updated by Davide Principi about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#12 Updated by Davide Principi about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Test case 3
The selection of firewall objects must be limited, depending on the current page/field:- PortForward: host
- TrafficShaping: zone host and host-group
- Firewall Rules: anything but services, for Source and Destination, and service only for Service field.
#13 Updated by Davide Principi about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:nethserver-firewall-base-1.1.0-77.0git3988344b.ns6.noarch.rpm
#14 Updated by Davide Principi about 7 years ago
Rebuilt RPM with merge from branches b2774 and b2776.
In nethserver-testing:nethserver-firewall-base-1.1.0-96.0git6f85adb5.ns6.noarch.rpmnethserver-firewall-base-1.1.0-97.0git3def7d4e.ns6.noarch.rpmnethserver-firewall-base-1.1.0-97.0git60f1df33.ns6.noarch.rpm
nethserver-firewall-base-1.1.0-100.0git8f017215.ns6.noarch.rpm
#15 Updated by Giacomo Sanchietti about 7 years ago
- Assignee set to Giacomo Sanchietti
#16 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from ON_QA to TRIAGED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 20
- firewall objects: db
hosts
record type @host - dhcp reservations: db
hosts
record typelocal
- dns record: db
hosts
record typeremote
All hosts should be preceded by a label or a icon indicating the host type.
The selection of firewall objects must be limited, depending on the current page/field:- PortForward: host
- TrafficShaping: host
- Firewall Rules: anything but services, for Source and Destination, and service only for Service field.
#17 Updated by Davide Principi about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#18 Updated by Davide Principi about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
#19 Updated by Davide Principi about 7 years ago
MODIFIED
PortForward and TrafficShaping modules now run firewall-adjust event as a detached task.
#20 Updated by Davide Principi about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:nethserver-firewall-base-1.1.0-108.0git4d1bd977.ns6.noarch.rpm
nethserver-firewall-base-1.1.0-110.0gitd37ac429.ns6.noarch.rpm
nethserver-httpd-admin-1.2.3-99.19gitd9c4f44.ns6.noarch.rpm
#21 Updated by Giacomo Sanchietti about 7 years ago
- Assignee set to Giacomo Sanchietti
#22 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
All tests passed.
#23 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:nethserver-firewall-base-2.0.0-1.ns6.noarch.rpm
nethserver-firewall-base-2.0.0-2.ns6.noarch.rpm (added migration fragment 000_capitalize_props)
#24 Updated by Giacomo Sanchietti almost 7 years ago
- Related to Bug #2846: Firewall: add migration fragment for tc database added