 From:  Jim McBeath <jimmc at macrovision dot com>
 To:  Bart Smit <bit at signature dot nl>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] mods to firewall rule code
 Date:  Sat, 1 Nov 2003 09:19:17 -0800
On Sat, Nov 01, 2003 at 04:23:28PM +0100, Bart Smit wrote:
> On Fri, 31 Oct 2003, Jim McBeath wrote:
> > Below are the changes in diff -u format.

> Just had a quick first glance and, while it looks very promising, there
> are glitches. At first, the rule type field is not initialized correctly
> when you edit a rule. It always says Pass (so if you do the edit&save
> dance without changing anything, block-rules will become pass-rules).

I'm not following you here.  Previously, m0n0 did not support blocking
rules, so any existing rule was a pass rule.  If you don't change the
type to BLOCK, it will stay a pass rule.

> Secondly, we could do with some more input checking. It lets me enter
> ridiculously high values for the sequence number. I didn't verify, but I
> doubt that the firewall backend will be very happy with these, and even if
> it swallows them without complaints, they may not yield the desired
> behaviour.

The sequence number is only used by m0n0 to sort the rules within the
interface group; it is not passed to the backend.

> Otherwise, great idea, and I'll pound it a bit more.