From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mcr@obiwan.sandelman.ca>
Received: from tuna.sandelman.ca (unknown
	[IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3])
	by huchra.bufferbloat.net (Postfix) with ESMTP id 944EF21F126
	for <cerowrt-devel@lists.bufferbloat.net>;
	Tue, 20 Nov 2012 18:03:56 -0800 (PST)
Received: from obiwan.sandelman.ca (unknown [IPv6:2607:f0b0:f:2::247])
	by tuna.sandelman.ca (Postfix) with ESMTP id 0748820168
	for <cerowrt-devel@lists.bufferbloat.net>;
	Tue, 20 Nov 2012 21:05:19 -0500 (EST)
Received: by obiwan.sandelman.ca (Postfix, from userid 179)
	id 6AC70FF01; Tue, 20 Nov 2012 21:03:29 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [127.0.0.1])
	by obiwan.sandelman.ca (Postfix) with ESMTP id 52B6A63A4E
	for <cerowrt-devel@lists.bufferbloat.net>;
	Tue, 20 Nov 2012 21:03:29 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ca>
To: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
X-Mailer: MH-E 8.3; nmh 1.3-dev; XEmacs 21.4 (patch 22)
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0;
	<'$9xN5Ub#
	z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
Date: Tue, 20 Nov 2012 21:03:29 -0500
Message-ID: <19144.1353463409@obiwan.sandelman.ca>
Sender: mcr@obiwan.sandelman.ca
Subject: [Cerowrt-devel] zones for other subnets
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2012 02:03:57 -0000


I have a routed wifi in my Den.
It's not directly connected to my cerowrt.  
It's routed on a wired network that the cerowrt.  

Is there a way in the UI for me to write a firewall rule to let
packets in/out of it?  If I could create a zone based upon just
the subnet, it would work, but it seems that I can only define
covered networks by defining an interface on that network.

Basically, I need to put:

iptables -I FORWARD -s 209.87.252.192/28 -d 0.0.0.0/0 -j ACCEPT
iptables -I FORWARD -d 209.87.252.192/28 -s 0.0.0.0/0 -j ACCEPT

and I've even put this into "Custom Rules", but it doesn't seem to take.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition.