Feature #2809
Firewall: web interface for policy routing
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-firewall-base | |||
Target version: | v6.7 | |||
Resolution: | NEEDINFO: | No |
Description
Create a new interface module for managing policy routing rules.
Using the UI, the user should be able to:- Create/edit a rule
- Select source and destination using object picker
- Select service using object picker
- Re-order the rule list
Related issues
Associated revisions
Policy routing: move rules into fwrules db. Refs #2809
Firewall rules UI: ROUTE action implementation for Policy routing. Refs #2809
Rules UI: disable log checkbox if action is route. Refs #2809
FirewallRules UI: select what kind of rules to show. Refs #2809
FirewallRules UI: restyle rules, added drag handles. Refs #2809
FirewallRules UI: restyle rules (2). Refs #2809
Merge branch 'b2809'. Refs #2809
Firewall.pm: skip non-existing hosts in host-groups. Refs #2809
Policy rules interface. Refs #2809
Policy rules interface [italiano]. Refs #2809
FirewallRules UI: fixed disabled state CSS. Refs #2809
FirewallRules: update online help. Refs #2809
Policy routing: smarter logic on tcrules template. Refs #2809
Policy routing: ignore rules where dst is set to any. Refs #2809
FirewallRules UI: restyle rules (3). Refs #2809
Providers UI: check if provider is used by fw rules before delete. Refs #2809
FirewallRules UI: added fwrule-modify system validator. Refs #2809
In a routing rule
- Source must not be red
- Destination must be one of { red, host, zone, iprange, cidr }
Policy routing: fix template logic. Refs #2809
Translation: fix typo. Refs #2809
Merge pull request #86 from DavidePrincipi/b2809
Policy rules interface. Refs #2809
History
#1 Updated by Giacomo Sanchietti about 7 years ago
- Related to Feature #2740: Firewall: rules to divert traffic via specific provider added
#2 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from NEW to TRIAGED
- Target version set to v6.5
- % Done changed from 0 to 20
#3 Updated by Giacomo Sanchietti almost 7 years ago
- Target version changed from v6.5 to ~FUTURE
#4 Updated by Davide Principi over 5 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- Target version changed from ~FUTURE to v6.7
- % Done changed from 20 to 30
#5 Updated by Davide Principi over 5 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Test case 1
- Check migration of route policy rules from
tc
DB tofwrules
Test case 2
- In
Multi WAN
page, create some WAN providers for red interfaces - In
Firewall rules
page, Create, Edit, Delete a route rule, using the WAN providers now listed under theAction
selector - Check the
tc
configuration is expanded to/etc/shorewall/tcrules
#6 Updated by Davide Principi over 5 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-firewall-base-2.9.0-1.10.g091287e.ns6.noarch.rpm
nethserver-firewall-base-ui-2.9.0-1.10.g091287e.ns6.noarch.rpm
#7 Updated by Giacomo Sanchietti over 5 years ago
- Assignee set to Giacomo Sanchietti
#8 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from ON_QA to TRIAGED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 20
- rules containing zones in the form of label (eg. net, loc, etc)
- rules containing the keyword "any"
Also, the web interface doesn't take care of rules containing deleted providers.
#9 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
#10 Updated by Davide Principi over 5 years ago
- Assignee set to Davide Principi
#11 Updated by Davide Principi over 5 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
[...]
Test case 3
In a routing rule:
- Source must not be red
- Destination must be one of { red, host, zone, iprange, cidr }
Check the validators actually implement the guidelines above
#12 Updated by Davide Principi over 5 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-firewall-base-2.9.0-1.15.g2355f05.ns6.noarch.rpm
nethserver-firewall-base-ui-2.9.0-1.15.g2355f05.ns6.noarch.rpm
nethserver-firewall-base-ui-2.9.0-1.18.g699ce30.ns6.noarch.rpm
nethserver-firewall-base-2.9.0-1.18.g699ce30.ns6.src.rpm
#13 Updated by Davide Principi over 5 years ago
PACKAGER NOTE
Merge documentation PR when released
#14 Updated by Giacomo Sanchietti over 5 years ago
- Assignee set to Giacomo Sanchietti
#15 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
All tests passed.
Also updated developer manual.
#16 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-firewall-base-2.10.0-1.ns6.noarch.rpm
- nethserver-firewall-base-ui-2.10.0-1.ns6.noarch.rpm