Recent content by Alasdair Muckart | FWCloud Forum

Recent content by Alasdair Muckart

  1. A

    Complex Policy Rules for Custom Services

    Hi, Here's a screenshot of the custom service we created in FWBuilder. We then use this service in rules.
  2. A

    Branch to New Policy Chains

    Thanks for your reply. The ability to create chains and to fully utilise the "branch" action of iptables/nftables should be all that's needed.
  3. A

    Branch to New Policy Chains

    Thank you for the reply. It's good to know that's on the roadmap. I can't share specific examples of our policies but I'll try and explain the general setup we use. Rather than having an "inside" and "outside" our firewalls have multiple interfaces facing different tenants & networks and all...
  4. A

    Complex Policy Rules for Custom Services

    Thank you for the reply, it's good to know that's possible. It probably won't work for our use cases since we have enough of this type of config in our environment that it probably isn't practical at the moment. Thanks again.
  5. A

    Complex Policy Rules for Custom Services

    We're trying to replicate our current fwbuilder-generated configurations using fwcloud. One of the things we've found is that there's no way in fwcloud to use the policy module do do things like match previously-encrypted GRE traffic with --proto 47 -m policy --pol ipsec --dir in for example...
  6. A

    Branch to New Policy Chains

    There doesn't seem to be a way in fwbuilder to create additional policy chains or to branch to them as the action on a rule. This is a function we use extensively in fwbuilder. We have complex firewalls with policies that control traffic based on egress interface. The initial policy branches to...
  7. A

    Future support for nftables

    Ubuntu 20.04 has moved to nftables. It provides transition scripts to ease the migration but they are only temporary. Are there any plans to support nftables in future releases of fwcloud? Thanks.
  8. A

    Import from fwbuilder or IPTables

    Is it possible to import existing configuration from fwbuilder or its compiled IPTables rules?
Top