From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from nm30-vm1.bullet.mail.gq1.yahoo.com (nm30-vm1.bullet.mail.gq1.yahoo.com [98.136.216.192]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id C5B3E21F2D3 for ; Mon, 15 Sep 2014 08:57:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1410796656; bh=NRZoVbzxzCHyRI6T4+z38dAGC/PKmYB8aLF6HOCQi/I=; h=Received:Received:Received:X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:Content-Transfer-Encoding:In-Reply-To:User-Agent:From:Subject; b=VbASlZ5L59G/xq2TRoGiDSUpT9AquNqtXt3dGlbzXkVt6Wc4i9MXIeCN4q56uBBW0C+n2IUXkjCd8BMCdX3ynQ8dFKb8yEClNG2EeUkiqRxNCyV9lQ3eCbBRMSSPXebPH1Uc+Kzmc1id/p+xDGDLVUes6AzVVz2XAu9daLDcJ9A585PWVM1B85N9IUGMbEu1+nwkdqqHbK2o5R4EbGY7jP0UGc0jmBHfMUSYlPh+HpVlywp0kSY8HrdLgIEGUaejXg+IzKSCZGfacuM91Oc7xxJGE4JEulwsU4uxXkzwKsJincm/RLy+B8sOAHOhVtQrZjZfpt89IsOfKNWV17FNAw== DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s2048; d=yahoo.com; b=WYe1UWCNMxhi9fRgJ4EeAD+vORmsQ6NEmnB48j8REyXzc9j3cmkW8NM4VPdhnbC36xHz8awzhlD5V0pT+fdMu5FvYPSp8q98QCmwUHlo4mlZHqEi96rvD6gCL5yEF/L6nephlW4TtEEWbPM/PHCdWohTmlot8HJRG9KuuzrOWJgd3OEDFrKnOJ0U62R7a7VacbPw8v8EouGTuvnXbBWW7h7nO0bkef/KpsKU1n2jum0pvPDscd63FYaA1hBeW2LzefvhGbeHvOLwlCKQX9C3aZ7Ri9JKURVz1Xm1N7AfV+W1ShBiZH61tX7m1fmiPVRm2JSthwruNsWV2aFiletSyA==; Received: from [216.39.60.182] by nm30.bullet.mail.gq1.yahoo.com with NNFMP; 15 Sep 2014 15:57:36 -0000 Received: from [208.71.42.198] by tm18.bullet.mail.gq1.yahoo.com with NNFMP; 15 Sep 2014 15:57:36 -0000 Received: from [127.0.0.1] by smtp209.mail.gq1.yahoo.com with NNFMP; 15 Sep 2014 15:57:36 -0000 X-Yahoo-Newman-Id: 36783.33668.bm@smtp209.mail.gq1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: K96XVqoVM1nHvO_D7WD3NnqwOHEe6dYCoSV1mkB5P.I.LC4 50zx1IXC5WbY897oz1.CuPyFch6g7cqYVN4DWRfCQPqSevA2vMvbZ9iWU1tB fdMMI2BaYTyftFhncKj.vk1oYkBIsApNYcBqxPHVczRF0J_xnmFD4gQnQjqZ WJxkPSMooDhWsK3MmZKJxZ77Q3AgyN9tPoKbpz8g0icatQaiYZlGZ57qWI47 XDDHJCdzb1UFEm9sjaoP.yP.CibyYsh9x9L_9_c4kgPfWwFU2PQZifTNaSIz 0iWVhUYKJmX.N_fc1tKh0mnqGcwmzJr3.RviN2UcjY8ivggnAoOPCvxkaxMB PF_zOSq5zQwcq1m6ThhgwDyikzhcmW0FV58Ge74YzTDVSerGHnwYOnUcAExt SvnpZGqCeXrPzRqTt8CyvpEx3gDbu6FjTql9647xfPsOOZqk.sIdr4oUJF_y joT81lWdUJPW.aidAT5ZLu2CougPOzgoX.O6R27U4FxVPnYiZoCbAGbO1JPM Ov3ckTeePYnt_.JhfamUTJR4b1U9Ad4LWJgUMj8mnZus_.dMCiAIHWs4IrN7 1PfuF52lJQqcdIqAChRx5fvIjDI9HgdKoAlmHxU57iFoFBIlUADh9nh8D3Tr tHxgDyxYu2P33AOGQygA- X-Yahoo-SMTP: jrkS4HqswBAegmaogOsp98ZrokEa9syEi10I30caBehdMEM- Date: Mon, 15 Sep 2014 11:57:33 -0400 From: Norman Yarvin To: Dave Taht Message-ID: <20140915155733.GA5394@muttonhead.home.lan> References: <20140915152259.GA5225@muttonhead.home.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] Firewall configuration in 3.10.50-1 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Sep 2014 15:58:05 -0000 Ah, okay. It seems like the GUI could be fixed by just nuking the "firewall settings" tab. (Since if someone does try to use it, it'll interact in some unspecified way with the existing "s+" and "gw+" rules.) On Mon, Sep 15, 2014 at 06:32:09PM +0300, Dave Taht wrote: >It is a bug in the gui. To get efficiency in the firewall rules cero >uses a pattern match >to blend together all the interfaces. So you see in >/etc/config/firewall file lines that use > >s+ To pattern match the three secure interfaces (se00, sw00, sw10) >gw+ To pattern match the guest interfaces. > > > >On Mon, Sep 15, 2014 at 6:22 PM, Norman Yarvin wrote: >> I was just bringing up a router with 3.10.50-1, and noticed something >> that seemed amiss in the default firewall configuration. That is, >> under the Network / Interfaces tab, most of the interfaces, under >> "Firewall Settings", weren't assigned to any "firewall zone" ("guest", >> "wan", or "lan"), but rather were left as "unspecified". >> >> Maybe this is on purpose for some reason, but it seems worth >> mentioning. >> >> >> -- >> Norman Yarvin http://yarchive.net/blog >> _______________________________________________ >> Cerowrt-devel mailing list >> Cerowrt-devel@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cerowrt-devel > > > >-- >Dave Täht > >https://www.bufferbloat.net/projects/make-wifi-fast