[Cerowrt-devel] Firewall configuration in 3.10.50-1

Norman Yarvin yarvin at yarchive.net
Mon Sep 15 11:57:33 EDT 2014

Ah, okay.

It seems like the GUI could be fixed by just nuking the "firewall
settings" tab.  (Since if someone does try to use it, it'll interact
in some unspecified way with the existing "s+" and "gw+" rules.)

On Mon, Sep 15, 2014 at 06:32:09PM +0300, Dave Taht wrote:
>It is a bug in the gui. To get efficiency in the firewall rules cero
>uses a pattern match
>to blend together all the interfaces. So you see in
>/etc/config/firewall file lines that use
>s+ To pattern match the three secure interfaces (se00, sw00, sw10)
>gw+ To pattern match the guest interfaces.
>On Mon, Sep 15, 2014 at 6:22 PM, Norman Yarvin <yarvin at yarchive.net> wrote:
>> I was just bringing up a router with 3.10.50-1, and noticed something
>> that seemed amiss in the default firewall configuration.  That is,
>> under the Network / Interfaces tab, most of the interfaces, under
>> "Firewall Settings", weren't assigned to any "firewall zone" ("guest",
>> "wan", or "lan"), but rather were left as "unspecified".
>> Maybe this is on purpose for some reason, but it seems worth
>> mentioning.
>> --
>> Norman Yarvin                                   http://yarchive.net/blog
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel at lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>Dave Täht

More information about the Cerowrt-devel mailing list