[ previous ] [ next ] [ threads ]
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Frederick Page <fpage at thebetteros dot oche dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Proposal for 1.2 beta: Firewall Rules
 Date:  Sun, 12 Sep 2004 18:07:55 +0200
On 12.09.2004 16:34 +0200, Frederick Page wrote:

> I had set-up a firewall rule to block ports 135-139 and 445 in order
> for them not to get logged by the default rule. I (erreanously) set
> source-ports 135-139 (instead of destination-ports) and found out,
> that I could _not_ edit this rule to source-ports any and
> destination-ports 135-139. Had to delete the rule, create a new one
> and move it all the way to the top (I like my rules sorted).

Huh? I just tried that (new rule, src ports 135-139, dst any, save,
then edit, src ports any, dst 135-139, save), and it worked fine. Can
you try again and post a detailed list of what you did to trigger
that bug?

> Would it be possible, to include the comment of the rule in the log
> (something like the --log-prefix option on Linux iptables)? Yes I
> know, the rule-number is visible and on status.php I can look up
> which rule caused the log-entry, but something like a log-prefix
> might be more comfortable?

Well, the problem is that the filter log comes straight from
ipmon/ipfilter, so it'd have to be post-processed somehow to map
ipfilter rule numbers back to m0n0wall rule numbers. Maybe,
sometime... But thanks for the suggestion!