[Cerowrt-devel] vpn fw question
Eric S. Johansson
esj at eggo.org
Fri Oct 3 00:12:15 EDT 2014
On 10/2/2014 11:38 PM, Dave Taht wrote:
> Personally I find the output of
>
> ip route show
>
> to be much more readable and usable nowadays.
You are quite right. It is. Thank you for the reminder to kill off old
habits and build a new old habit.
> Ideally you should be able to shrink that 10.43 network into a single
> 10.43.0.0/20 route.
That is my plan when I replace the firewall in the main office. There is
a lot of cruft in the old firewall, including multiple holes for things
people "used to do" but they don't dare close them because they might
have to do them again. I wish IPCop was sufficiently sophisticated for
this purpose but I think the UI has gotten rather crufty since I last worked
on it.
You see, I work in the land of myth and magic. A little bit of Hollywood
right here in Boston.
>> and WTH is this?
>> 172.30.42.0 0.0.0.0 255.255.255.0 ! 0 0 0 *
> That is what is called a "covering route". The interfaces in cerowrt are
> all /27s out of a single /24. Just as you could just do a 10.43.0.0/20 route
> instead of the 16 10.43 routes above.
I've got to learn Lua and how to debug in this environment better. I
should probably explain. I was one of the founding members of the IPCop
firewall. We put a lot of energy into making it simple and easy to use
so that it was harder to make mistakes. I apologize in advance if I
offend anyone but the current UI for Cerowrt/openwrt is not shaped by
workflow but by the need to expose everything.
I'm hoping that I will be able to demonstrate what I mean by an error
resistant UI sometime over the next few months. In the meantime however,
I'm going to try and learn enough so I can be useful fixing small bugs
and reducing chaos enhancers in tools like uci.
And I just saw your other mail about BCP 38. What is it?
--- eric