From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu [131.215.239.19]) by huchra.bufferbloat.net (Postfix) with ESMTP id 6351B201044 for ; Thu, 26 Apr 2012 13:14:41 -0700 (PDT) Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1]) by fire-doxen-postvirus (Postfix) with ESMTP id 641CC2E50D4E for ; Thu, 26 Apr 2012 13:14:35 -0700 (PDT) X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new Received: from [192.168.50.78] (tsaolab-fw.caltech.edu [131.215.9.89]) (Authenticated sender: moeller) by fire-doxen-client (Postfix) with ESMTP id A4BF332803E for ; Thu, 26 Apr 2012 13:14:34 -0700 (PDT) From: Sebastian Moeller Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Date: Thu, 26 Apr 2012 13:14:34 -0700 Message-Id: <5CFE07BB-A9A9-46F1-93CA-1B3644D2406B@caltech.edu> To: "" Mime-Version: 1.0 (Apple Message framework v1257) X-Mailer: Apple Mail (2.1257) X-Mailman-Approved-At: Thu, 26 Apr 2012 13:46:22 -0700 Subject: [Cerowrt-devel] 3.3.2-8 and firewall X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2012 20:14:41 -0000 Hi Dave hi list, yesterday I upgraded to 3.3.2-8 (and did basic testing with the = simple_qos.sh script, which worked okay). I have not gotten around to do = proper testing of simple_qos script, but hope to do so over the next = week (it will be pretty run of the mill 4M/30M cable so nothing exciting = to expect). Today I tried to access the configuration interface on port = 81 from my workplace (via IPv4) and was quite amazed this actually = worked. In the past this never worked (and I think it would be safer a = default if remote access to the configuration interface required an = active decision from the user :) ). So, I went and created a custom rule = to reject incoming connections on port 81 from wan (and now I can not = reach the GUI from outside, I am quite curious whether I managed to = wedge it for good or whether I will still be able to reach the GUI from = the lag or guest section=85). Now there is the possibility that I have = brought this issue on myself by using the vanilla QOS scheme instead of = simple_qos in production, if so please let me know. best Sebastian --=20 Sebastian Moeller telephone: +1-626-325-8598 /+1-626-395-6523 / +1-626-395-6616 fax: 626-395-8826 German GSM: +49 - 15 77 - 1 90 31 41 mobile: +1-626-325-8598 +1-626-807-5242 US CDMA: +1-626-807-5242 moeller@caltech.edu Division of Biology MC 114-96 California Institute of Technology 1200 East California Boulevard CA 91125, Pasadena USA