inbound and outbound interface columns in iptables NAT
rules". This also addresses SF feature requests 1954286 "DNAT with
interface as condition not possible" and 621023 "manipulating
interface in NAT rule".
inbound and outbound interface columns in iptables NAT
rules". This also addresses SF feature requests 1954286 "DNAT with
interface as condition not possible" and 621023 "manipulating
interface in NAT rule".
name "ppp-dsl" for PPPoE interfaces. In addition to that, Linux
bridge interfaces may have names with a "-" such as
"br-lan". We will now permit a "-" in Linux interface names.
create redirect rule in cluster firewall object". Iptables nat
rule with target REDIRECT could not be built in a cluster
configuration. It should be possible to do this by putting cluster
object in Translated Destination.
fixed SF bug 3094273 "no state needed for ipv6-icmp in
ip6tables". Rules that match ICMPv6 objects should be
stateless. Compiler will check for this and reset "stateful" flag
of a rule and issue warning if the rule was built stateful in the
GUI.
"iptables redirecting NAT rules in the OUTPUT chain". NAT rules
should be allowed to translate from CustomService to TCP or UDP
service, provided CustomService object is configured with matching
protocol. See also change in libfwbuilder NATCompiler::classifyNATRule::processNext.
"iptables redirecting NAT rules in the OUTPUT chain". This fix
makes it possible to create iptables NAT rule with target REDIRECT
in the OUTPUT chain. The rule should have firewall object in OSrc
and TDst rule elements.
only firewall resets ipv4 stack" only reset ipv4 iptables when there are some ip4 rules; also added action block to usage string of the generated iptables script
"set" used to generate iptables command for rules with run-time
AddressTable objects. This module is only available in iptables
1.4.1.1 and later, however some embedded platforms do not have it
even though they ship later versions ofiptables (e.g. OpenWRT).
Use of this module is controlled by a checkbox in the iptables
"advanced" settings dialog which is off by default. This checkbox
becomes disabled when iptables version is set to < 1.4.1.1.
fixed#1523 "outbound ipv6 rule matching multicast ipv6 destination
is not generated". The rule with network object fe80::/10 in source
and ipv6 muticast ff00::/8 in destination did not produce correspondign
ip6tables command. The change affects other cases with rules using
broadcast or multicast objects that should be considered matching
the firewall object.
