You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
This is a continuation of remaining issues mentioned in #372
It is sometimes useful to be able to generate a firewall with optimal ruleset, to apply it on a small device. The current functionality is that the stateless rules are dropped for the optimal ruleset. While for icmpv6 protocol this was addressed, for dhcp and dhcpv6 services it was not. There's also the FIXME for anystateless, where it is mentioned that the rules might be added as untracked rules on the raw table.
I've made a small modification to firehol (see this commit), to allow it to generate the rules needed for dhcp and dhcpv6 services, while the anystateless issue remains unaddressed. I don't know why the anystateless rules can't be added just like they are added on the accurate firewall, but I don't need them, so I have not attempted to make any modifications here. The dhcp rule seem to work in my case, on the optimal ruleset.
The text was updated successfully, but these errors were encountered:
Hello,
This is a continuation of remaining issues mentioned in #372
It is sometimes useful to be able to generate a firewall with optimal ruleset, to apply it on a small device. The current functionality is that the stateless rules are dropped for the optimal ruleset. While for icmpv6 protocol this was addressed, for dhcp and dhcpv6 services it was not. There's also the FIXME for anystateless, where it is mentioned that the rules might be added as untracked rules on the raw table.
I've made a small modification to firehol (see this commit), to allow it to generate the rules needed for dhcp and dhcpv6 services, while the anystateless issue remains unaddressed. I don't know why the anystateless rules can't be added just like they are added on the accurate firewall, but I don't need them, so I have not attempted to make any modifications here. The dhcp rule seem to work in my case, on the optimal ruleset.
The text was updated successfully, but these errors were encountered: