From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi0-x22a.google.com (mail-oi0-x22a.google.com [IPv6:2607:f8b0:4003:c06::22a]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id DEF0021F2CF for ; Mon, 15 Sep 2014 08:32:14 -0700 (PDT) Received: by mail-oi0-f42.google.com with SMTP id e131so2398082oig.29 for ; Mon, 15 Sep 2014 08:32:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=tygjFUMl7lQx6gzCbyDpbrlbht7XCwRIbTRQk+qe5AY=; b=Yrbu0DhE9ENNLdm0CKu02ONisDNItFiNQrA3EHFG/t3/7zMTMxLTaXLzjZkKXY7K5w M148S4rFVGGnZKojxG5ioZCXJJgeS7/A+dxDmaZhtdjQ9XXP+NTxVCqGHXMVEC2rL+3t NnVsY7n4jBQx21djIHHw9g/zQgQNn/BBnsHxdp2vmy/U5RlfCtT+YFaRbxKFBrIslRPa u4cHQNJB6H4qtGTC+S0JL3+/R9qGHBoYL7WMBSqtdjneer1VmQcIqB5gHqvFk6jqH9sn 2Vn7B0bpx+SCmI6wJmvAmJ7OMN5CKeOK05BkjdEbaCkD0N2oledenTFPmKQW9bGSINxv stuA== MIME-Version: 1.0 X-Received: by 10.182.186.73 with SMTP id fi9mr28745610obc.0.1410795129722; Mon, 15 Sep 2014 08:32:09 -0700 (PDT) Received: by 10.202.227.76 with HTTP; Mon, 15 Sep 2014 08:32:09 -0700 (PDT) In-Reply-To: <20140915152259.GA5225@muttonhead.home.lan> References: <20140915152259.GA5225@muttonhead.home.lan> Date: Mon, 15 Sep 2014 18:32:09 +0300 Message-ID: From: Dave Taht To: Norman Yarvin Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] Firewall configuration in 3.10.50-1 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Sep 2014 15:32:43 -0000 It is a bug in the gui. To get efficiency in the firewall rules cero uses a pattern match to blend together all the interfaces. So you see in /etc/config/firewall file lines that use s+ To pattern match the three secure interfaces (se00, sw00, sw10) gw+ To pattern match the guest interfaces. On Mon, Sep 15, 2014 at 6:22 PM, Norman Yarvin wrote: > I was just bringing up a router with 3.10.50-1, and noticed something > that seemed amiss in the default firewall configuration. That is, > under the Network / Interfaces tab, most of the interfaces, under > "Firewall Settings", weren't assigned to any "firewall zone" ("guest", > "wan", or "lan"), but rather were left as "unspecified". > > Maybe this is on purpose for some reason, but it seems worth > mentioning. > > > -- > Norman Yarvin http://yarchive.net/blog > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel --=20 Dave T=C3=A4ht https://www.bufferbloat.net/projects/make-wifi-fast