Negate position not working | FWCloud Forum

darkowl

New member
Hello.
I have updated my FWCloud installation. And now I am unable to use "negate position" in UI.
The ones already set up are there, marked by a red negative flag. But I am unable to set it anymore.
"Enable position" action is present, but "disable / negate position" is not there anymore.

And what is worse: I used "enable position" on one rule and I am unable to reverse it. I did not apply the rule, but once I do, my firewall will break.

How can I use negative rules now?
 

Attachments

  • fwc1.jpg (27 KB)
  • fwc2.jpg (24.7 KB)

Carles Munyoz

Administrator
Staff member
Hi,
It seems that this is a bug introduced in the last update.
Please give us some time to review it and generate a new patch version that solves it.

I'll inform you as soon as it is solved, in a few days.
Greetings.
 

darkowl

New member
Compilation gives:

# RULE 5 (ID: 2969)
FWCRULE2969.CH1
$IPTABLES -A FORWARD -m comment --comment 'Allow forward from local networks to internet' -s 10.100.1.0/24 -m conntrack --ctstate NEW -j $IPTABLES -A FWCRULE2969.CH1 -d 10.100.1.0/24 -j ACCEPT

And I need to be able to get a rule like:
$IPTABLES -A FORWARD -m comment --comment 'Allow forward from local networks to internet' -s !10.100.1.0/24 -m conntrack --ctstate NEW -j $IPTABLES -A FWCRULE2969.CH1 -d !10.100.1.0/24 -j ACCEPT

I don't know how I can write a NAT rule without it.
 

darkowl

New member
Meanwhile I guess I can manage it with a posthook or script rule.
I guess installing the previous version of the UI will work too?
 

Carles Munyoz

Administrator
Staff member
As an alternative solution until we publish the patch release (on Monday), you can create a script rule with the code you need.
That is, temporarily disable the current rule and create a new script rule above or below it with the code:
$IPTABLES -A FORWARD -m comment --comment 'Allow forward from local networks to internet' -s !10.100.1.0/24 -m conntrack --ctstate NEW -j $IPTABLES -A FWCRULE2969.CH1 -d !10.100.1.0/24 -j ACCEPT
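
A check one could run on compiled output before installing a policy after an upgrade, added here as an example (it is not part of the thread or of FWCloud's code): it compares two compiled scripts and reports rules whose "!" negation disappeared. It assumes the "# RULE n (ID: x)" headers shown in the compilation output above, counts "! -s ADDR", "-s ! ADDR" and "-s !ADDR" as negated, and uses constructed sample rules; the function names are hypothetical.

```python
import re
import shlex

RULE_HEADER = re.compile(r"#\s*RULE\s+\d+\s+\(ID:\s*(\d+)\)")

def negated_options(rule_line):
    """Options (e.g. '-s', '-d') that carry a '!' in one iptables command line."""
    tokens = shlex.split(rule_line)
    negated, i = set(), 0
    while i < len(tokens) - 1:
        tok, nxt = tokens[i], tokens[i + 1]
        if tok == "--comment":  # comment text is free-form, never a match option
            i += 2
            continue
        if tok == "!" and nxt.startswith("-"):  # ! -s ADDR
            negated.add(nxt)
        elif tok.startswith("-") and nxt.startswith("!"):  # -s ! ADDR or -s !ADDR
            negated.add(tok)
        i += 1
    return negated

def parse_compiled(script):
    """Map rule ID -> set of negated options, keyed by '# RULE n (ID: x)' headers."""
    rules, current = {}, None
    for line in script.splitlines():
        header = RULE_HEADER.search(line)
        if header:
            current = header.group(1)
            rules.setdefault(current, set())
        elif current and line.strip() and not line.lstrip().startswith("#"):
            rules[current] |= negated_options(line)
    return rules

def lost_negations(before, after):
    """Rule IDs whose options were negated in `before` but are not in `after`."""
    old, new = parse_compiled(before), parse_compiled(after)
    return {rid: sorted(opts - new.get(rid, set()))
            for rid, opts in old.items() if opts - new.get(rid, set())}

# Constructed sample output (documentation address ranges, not from the thread).
BEFORE = """# RULE 1 (ID: 1001)
$IPTABLES -A FORWARD -m comment --comment '!lab excluded' ! -s 192.0.2.0/24 -j ACCEPT
# RULE 2 (ID: 1002)
$IPTABLES -A FORWARD -s 198.51.100.0/24 -d ! 203.0.113.0/24 -j ACCEPT
"""
# Rule 1001 loses its negation; rule 1002 is only respelled and stays negated.
AFTER = BEFORE.replace("! -s", "-s").replace("-d ! ", "! -d ")

if __name__ == "__main__":
    print(lost_negations(BEFORE, AFTER))
```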
 

Carles Munyoz

Administrator
Staff member
We have just published a patch release that solves this bug.
Please, let me know if it solves your problem.

Thank you very much for your report.
 

darkowl

New member
Hello.
Just installed the update.
"Negate position" is back. Thank you for the swift response. Muchas gracias!
 

Carles Munyoz

Administrator
Staff member
Thanks to you.
Please report any other issue that you detect and we will solve it as soon as possible.
Help from the community is much appreciated and helps us create great software tools such as FWCloud.
 