Toke Høiland-Jørgensen writes: > So, not sure exactly how it's supposed to work; does this hook into the > firewall after NAT'ing has been applied? Otherwise you'd presumably need > to add exceptions for the configured internal network(s)? (I think that > may be what is going on in the bcp script at ln 38, but some sort of > auto-detection of the relevant network(s) would be needed? Or as a > minimum a whitelist configuration option?) Also, is there a reason you're not putting the contents of the ipset into the firewall configuration file? Then you'd have the GUI sorted (assuming there's LUCI support for ipset)... -Toke