Could you add support for firewall port ranges? APF supports this.
For the conf.apf file it goes in as startport_endport. I manually added this myself but it would be nice for it to show in the GUI as well. I needed ranges to properly allow passive ftp through the firewall on my server.
??? The faq shows how to block ip ranges but not port ranges. When I try to add a port range it says it is invalid giving a message “Invalid port, please provide a valid port number (1 - 65335)”.
psst, PSST Don’t tell Socheat I told you guys this but the request just happened to happen at the same time we were going to make interface changes necessary for the new version of apf.
Good question. Now I forgot about this since I no longer have my VPS account anymore (cancelled due to lack of use) but if it is not in there then hopefully it will be soon.
Ah yes, the infamous “It’s coming in the next version!” mantra. C’mon, don’t insult us, we all know it’s just a matter of a small tweak of a form post value.
Tim implied that it was being added to the “new interface” for apf over a year ago. It’s a small tweak, and it’s extremely limiting, so let’s get with the program guys!
[QUOTE=bbridges;13194]Ah yes, the infamous “It’s coming in the next version!” mantra. C’mon, don’t insult us, we all know it’s just a matter of a small tweak of a form post value.
Tim implied that it was being added to the “new interface” for apf over a year ago. It’s a small tweak, and it’s extremely limiting, so let’s get with the program guys![/QUOTE]
Small tweak yes, but it’s just a tad more than just a form tweak. In 2.1.3, the code that validates the form input and the code that validates the data being written out to the APF config file do not allow for port ranges.
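The check discussed in the post above, sketched as an added example (not InterWorx or APF code): a validator that accepts single ports and the startport_endport ranges described at the top of the thread. The function names and the comma-separated list format are assumptions.

```shell
#!/bin/sh
# Added example: validate port entries before they are written to conf.apf.
# Function names and the comma-separated list format are assumptions.

# A single port: digits only, no leading zero, 1..65535.
# The digits-only rule also keeps shell metacharacters out of the value.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# One entry: a single port, or a range written startport_endport.
valid_port_entry() {
    case "$1" in
        *_*_*) return 1 ;;                 # more than one separator
        *_*)
            start=${1%%_*}
            end=${1#*_}
            valid_port "$start" && valid_port "$end" && [ "$start" -le "$end" ]
            ;;
        *) valid_port "$1" ;;
    esac
}

# A whole list: every comma-separated item must be a valid entry.
valid_port_list() {
    case "$1" in
        ''|,*|*,|*,,*) return 1 ;;         # empty list or empty item
    esac
    old_ifs=$IFS
    IFS=,
    set -f                                 # no globbing while splitting
    rc=0
    for entry in $1; do
        valid_port_entry "$entry" || { rc=1; break; }
    done
    set +f
    IFS=$old_ifs
    return $rc
}

# Constructed sample input
for sample in "21,22,80" "21,30000_35000" "35000_30000" "80_" "70000" "80-90"; do
    if valid_port_list "$sample"; then echo "ok      $sample"; else echo "reject  $sample"; fi
done
```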
Sorry to insult you if you take it this way, but it’s still a single string (xxxx_yyyy) and a very simple fix… this sounds like pure laziness.
I’ve been a php developer for several years, I know it’s not that hard of a change to make. This is almost a showstopper flaw for me, as I run asterisk on the same machine with Interworx, and I have to have a port range open for RTP traffic.
Manual editing isn’t a feasible option because of it being overwritten. I don’t know if it actually is, but it’s not a risk I’m willing to take.
[QUOTE=bbridges;13196]Manual editing isn’t a feasible option because of it being overwritten. I don’t know if it actually is, but it’s not a risk I’m willing to take.[/QUOTE]
It is very easy to do manually and it is what I have done. Iworx 3.0 is out now in RC and should be officially released soon.
I don’t think Iworx devs need to be defended, but when you have a customer base the size of theirs, even small updates have to be planned out well in advance, and I don’t think something this small is going to be worth the overhead to release as its own update.