Feature #3112
Firewall: support ip range and CIDR objects
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | nethserver-firewall-base | |||
| Target version: | v6.6 | |||
| Resolution: | NEEDINFO: | No |
Description
- IP range
- CIDR
- IP range: 192.168.1.2-192.168.1.10
- CIDR: 192.168.1.2/48
IP range and CIDR object must be supported to create firewall rules.
See:Related issues
Associated revisions
Firewall library: support iprange and cidr objects. Refs #3112
Web UI: add iprange and cidr objects. Refs #3112
validators: create fwobject-cidr-delete and fwobject-iprange-delete system validators. Refs #3112
Translation: add CIDR subnets and IP ranges. Refs #3112
Inline help: add CIDR subnets and IP ranges. Refs #3112
Translations: update validator labels. Refs #3112
Web UI: fix ip range type. Refs #3112
History
#1
Updated by Giacomo Sanchietti over 6 years ago
- Target version set to v6.6
#2
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#3
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#4
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
hosts database and has following properties:
Start: first IP of the rangeEnd: last IP of the rangeDescription: optional description
Example:
r1=iprange
Description=My range r1
End=192.168.5.10
Start=192.168.5.2
New cidr object is saved inside the hosts database and has following properties:
Network: network in CIDR formatDescription: optional description
Example:
c1=cidr
Address=192.168.5.20/29
Description=My cidr obj
#5
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
nethserver-firewall-base-2.5.1-1.6.g8bd943c.ns6.noarch.rpm- nethserver-firewall-base-2.5.1-1.8.g8b98244.ns6.noarch.rpm
- Create an ip range named r1 with some IPs from green zone
- Create a rule using the new object:
db fwrules set 1 rule Action drop Dst 'role;red' Log none Position 64 Service any Src 'iprange;r1' status enabled signal-event firewall-adjust
- Check the generated rule is correct and reports the ip range inside the green zone
- Create a cidr subnet named c1 with some IPs from green zone
- Create a rule using the new object:
db fwrules set 2 rule Action drop Dst 'role;red' Log none Position 128 Service any Src 'cidr;c1' status enabled signal-event firewall-adjust
- Check the generated rule is correct and reports the cidr inside the green zone
#6
Updated by Giacomo Sanchietti over 6 years ago
- Related to Enhancement #3119: Support IP ranges and CIDR subnets into Web Content Filter profiles added
#7
Updated by Giacomo Sanchietti over 6 years ago
- Related to Feature #3121: Firewall rules (web UI): support ip range and CIDR object added
#8
Updated by Davide Principi over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
VERIFIED
All OK, but one question: why not implementing the UI interface with a single checkbox? The external system behaviour is allow/drop connections from unbinded MACs: it is a boolean state.
#9
Updated by Davide Principi over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
CLOSED
In nethserver-updates:
nethserver-firewall-base-2.6.0-1.ns6.noarch.rpm