|Version 21 (modified by jsoriano@…, 3 years ago) (diff)|
Disable ipv6 bind for daemons
we should disable ipv6 bind for daemons because we don't support ipv6 in Zentyal yet but a box could get an ipv6 address by its autoconf mechanism opening a way to access services expected to be protected by ipv4 netfilter rules.
Make filter policies in objects compatible with time period restrictions
Add support for all the protocols available in /etc/protocols
This would also affect multigateway rules and traffic shaping.
Firewall redirections log
Adding MAC filter support, as described in this forum topic: http://forum.zentyal.com/index.php?topic=1439.0
Show firewall entries depending on configuration
If Zentyal is not acting as gateway, just show Internal to Zentyal and Zentyal to Internet
ID for rules
When there are a lot of rules the sorting is difficult, it would be nice to add the ability of inserting a rule before or after another. Forum suggestion: http://forum.zentyal.com/index.php?topic=2143.msg9101#msg9101
NAT loopback or reflection
The full explanation is done at: http://forum.zentyal.com/index.php?action=post;topic=2205.0
Add native support to DMZ
Current implementation of ebox-firewall let users create manually a DMZ. But users want an automatic rule creation for a DMZ.
Suggestion from: http://forum.zentyal.com/index.php?topic=3032.0;topicseen
Allow/Deny? all the IPs from a particular country
Using GeoIP, suggestion from: http://forum.zentyal.com/index.php?topic=2977.msg15617#msg15617
Port forwarding to accept network objects and services
As the rest of Zentyal modules to work with.