Firewall: nat, mangle?
Hi!
Is it possible to configure nat and mangle chains via the web firewall configurator? If not, is there a way to add some custom firewall rules in a local file that would be automatically merged with the configuration generated by the firewall editor?
Thank you!
Re: Firewall: nat, mangle?
Yes.
You can manage your own rules and add them to the chain.
Your configuration will be loaded automatically at startup.
Regards,
Tobi
-----------------------------
wewoco.de
The forum for resellers, digital agencies, screen workers and mouse pushers
Re: Firewall: nat, mangle?
Hello, and thank you for the reply!
I'm still not quite enlightened, please give me some more details. In the panel I see only INPUT, FORWARD and OUTPUT chains, all belonging to the main *filter chain. All the new chains I try to create are also nested under *filter.
I need to configure other root chains like *nat and *mangle, and some chains under those, like for instance PREROUTING and POSTROUTING.
If it's really possible, can you please provide a simple example?
If not, is there any way to put my own rules in the file, to be included when the firewall fires up? If yes, what would be the full path to that file?
Thank you!
Re: Firewall: nat, mangle?
In the upper right corner of the firewall configuration page, there's a grey "Settings" button. It opens a modal with the following setting (among others):
Reload current rule sets
If you have done changes to iptables through CLI, you can initiate a reload of the current rules.
So I guess you can just modify the file and reload the complete rule set, but I haven't tried it yet, to be honest.
Cheers,
Jan
This message has been ROT-13 encrypted twice for higher security.
Re: Firewall: nat, mangle?
Hello, Enigma!
Enigma wrote: ↑Mon 22. Oct 2018, 21:47
In the upper right corner of the firewall configuration page, there's a grey "Settings" button. It opens a modal with the following setting (among others):
Reload current rule sets
If you have done changes to iptables through CLI, you can initiate a reload of the current rules.
So I guess you can just modify the file and reload the complete rule set, but I haven't tried it yet, to be honest.
Cheers,
Jan
I've tried it. When I add a firewall rule manually in the console, then reload via the web interface, my rule shows up. But... it only shows the rules in the *filter table, my *mangle and *nat table rules are nowhere to be seen (and yet, they are there, visible from the console: "iptables -t nat -vnL", or "iptables -t mangle -vnL"). I'm pretty sure, after all the testing, the web firewall manager does not treat *nat and *mangle tables at all, which to be honest could be a good thing - it could be possible to have my custom rules (excluding *filter table) configured at boot, and KeyHelp shouldn't touch them when it applies its saved *filter table rules.
Re: Firewall: nat, mangle?
Hello sburina,
You are right, nat and mangle can not be managed within the KeyHelp UI.
But you could import your nat and mangle rules by putting a little script into the folder:
/etc/network/if-pre-up.d/
For reference, there is already the 'keyhelp_load_rules' file which is responsible for importing the firewall rules on system-boot.
Every executable (chmod +x) file inside of this folder will be executed on boot.
Note: do not touch the 'keyhelp_load_rules' file, it may get overwritten by KeyHelp.
Best regards
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Re: Firewall: nat, mangle?
Alexander wrote: ↑Tue 23. Oct 2018, 18:24
But you could import your nat and mangle rules by putting a little script into the folder:
/etc/network/if-pre-up.d/
Thank you, Alexander, that's what I have done, successfully applied the custom rules.
Have a nice day!
Re: Firewall: nat, mangle?
sburina wrote: ↑Wed 24. Oct 2018, 15:51
Alexander wrote: ↑Tue 23. Oct 2018, 18:24
But you could import your nat and mangle rules by putting a little script into the folder:
/etc/network/if-pre-up.d/
Thank you, Alexander, that's what I have done, successfully applied the custom rules.
Oops!
It worked from /etc/rc.local, but on Ubuntu 18.04 the scripts in /etc/network/if-pre-up.d/ don't get fired at all!
KeyHelp-managed rules don't get loaded either!
Please take a note! We need a systemd service, explained with the example here:
https://nucco.org/2018/05/ubuntu-18-04- ... twork.html
Re: Firewall: nat, mangle?
Yes you are correct, we already recognized this problem on Ubuntu 18 and will fix it with the upcoming version.
Best regards
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
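A sketch of the kind of boot script discussed in this thread, added here as an example and not KeyHelp's own code: it loads only the *nat and *mangle sections of an iptables-save style file, so the *filter table managed by the panel is never flushed. The rules file path is an assumption; the script would sit as an executable file in /etc/network/if-pre-up.d/, or be called from /etc/rc.local or a systemd unit where those hooks do not fire.

```shell
#!/bin/sh
# Added example (not part of KeyHelp). Loads custom nat/mangle rules at boot
# and leaves the *filter table to the panel.
# Assumed, hypothetical location of the rules file (iptables-save format):
RULES_FILE="${RULES_FILE:-/etc/iptables/custom-nat-mangle.rules}"

# Read an iptables-save dump on stdin and print only the *nat and *mangle
# sections, each from its "*table" line through its "COMMIT" line.
# Returns non-zero if a kept section is missing its COMMIT, so a truncated
# file is rejected instead of being half-applied.
extract_nat_mangle() {
    awk '
        /^\*(nat|mangle)$/ { keep = 1 }
        keep               { print }
        /^COMMIT$/         { keep = 0 }
        END                { exit (keep ? 1 : 0) }
    '
}

# Validate the extracted rules with --test, then apply them.
# iptables-restore flushes only the tables named in its input, so a stream
# without a *filter section leaves the filter table as it is.
apply_rules() {
    rules=$(extract_nat_mangle < "$RULES_FILE") || return 1
    [ -n "$rules" ] || return 0          # nothing to load
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Only act when the rules file exists and we are root (as at boot).
if [ -r "$RULES_FILE" ] && [ "$(id -u)" -eq 0 ]; then
    apply_rules
fi
```

The loaded rules can be checked afterwards with the commands already quoted in the thread, "iptables -t nat -vnL" and "iptables -t mangle -vnL".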