Recent Posts

1
News / SourceForge
« Last post by razwall on January 21, 2025, 11:15:19 AM »
Hello,
The RazWall Firewall project has a SourceForge project site for the ISO builds, located here: https://sourceforge.net/projects/razwall/. The initial ISO test build has been published. This ISO does NOT install RazWall, but is just a modified Slackware64 15 installer. I will post additional ISOs as I make progress towards getting this to work as intended.

If you do decide to download the ISO, be aware that the package groups A, AP, D, L, N are the only groups available, and with minimum supported packages intended for RazWall in the near future.

More coming soon.. Enjoy!
2
Dev Stuff / Required packages
« Last post by razwall on January 21, 2025, 10:20:19 AM »
a/aaa_base
a/aaa_glibc-solibs
a/aaa_libraries
a/aaa_terminfo
a/acl
a/attr
a/bash
a/bin
a/coreutils
a/cpio
a/cracklib
a/dbus
a/dcron
a/devs
a/dialog
a/e2fsprogs
a/elogind
a/etc
a/eudev
a/file
a/findutils
a/gawk
a/glibc-zoneinfo
a/grep
a/gzip
a/hostname
a/kernel-generic
a/kernel-huge
a/kernel-modules
a/kmod
a/less
a/libgudev
a/libpwquality
a/lilo
a/logrotate
a/mkinitrd
a/nvi
a/openssl-solibs
a/os-prober
a/pam
a/pkgtools
a/procps-ng
a/sed
a/shadow
a/sharutils
a/sysklogd
a/syslinux
a/sysvinit
a/sysvinit-scripts
a/tar
a/tree
a/util-linux
a/which
a/xz
a/bzip2

ap/slackpkg
ap/mariadb
ap/nano
ap/sqlite
ap/screen

d/autoconf
d/autoconf-archive
d/automake
d/binutils
d/cmake
d/gcc
d/git
d/perl
d/subversion
d/yasm

l/libproxy
l/libsigc++
l/libpcap
l/libssh
l/libunistring
l/libxml2
l/libxslt
l/libyaml
l/mhash
l/ncurses

n/bind
n/bootp
n/bridge-utils
n/bsd-finger
n/ca-certificates
n/curl
n/cyrus-sasl
n/dhcp
n/dhcpd
n/ebtables
n/ethtool
n/htdig
n/httpd
n/icmpinfo
n/iftop
n/inetd
n/iproute2
n/iptables
n/iptraf-ng
n/iputils
n/krb5
n/libmnl
n/libnetfilter_acct
n/libnetfilter_conntrack
n/libnetfilter_cthelper
n/libnetfilter_cttimeout
n/libnetfilter_log
n/libnetfilter_queue
n/libnfnetlink
n/libnftnl
n/net-tools
n/network-scripts
n/ntp
n/openssh
n/ca-certificates
n/gnupg
n/openssl
n/openvpn
n/ppp
n/rp-pppoe
n/traceroute
n/ulogd
n/vlan
n/wget
n/whois

r/razwall
r/razwall-ui
r/razwall-iptables
r/razwall-nf

3
News / Re: Firewall update
« Last post by razwall on January 13, 2025, 08:54:09 AM »
I started building a custom ISO this weekend. I will release it for testing as soon as I am able to rebuild without error. This will NOT be a functional build, but rather a "developer preview". Once released, this will serve as a development platform and (hopefully) be used to make pull requests for testing.
4
News / Re: Github
« Last post by techdevel2 on January 11, 2025, 12:46:39 PM »
Good work.
Thanks.
5
News / Re: Firewall update
« Last post by techdevel2 on January 11, 2025, 12:41:31 PM »
Hi,
Nice progress, btw. Very soon we will see an ISO/IMG for testing your work for the open source community.
6
News / Firewall update
« Last post by razwall on January 10, 2025, 11:28:42 AM »
I have completed the SNAT and DNAT rewrite in Perl. I will continue to work on converting the other firewall components. I am also working on building an automated ISO so users can begin testing and participating in development. I am probably a month or so out from having an auto-install ready.
7
Dev Stuff / Endian Menu Items
« Last post by razwall on January 08, 2025, 02:10:25 PM »
   Logout - https://192.168.0.1:10443/cgi-bin/logout.cgi
*   Help - https://192.168.0.1:10443/manage/opentsa/

*   System - https://10.40.0.1:10443/manage/dashboard
   
   *   Dashboard - https://10.40.0.1:10443/manage/dashboard
      Network configuration - https://10.40.0.1:10443/cgi-bin/netwizard.cgi
   *   Event notifications - https://10.40.0.1:10443/manage/notifications
      Updates - https://10.40.0.1:10443/cgi-bin/efw-register.cgi
      Passwords - https://10.40.0.1:10443/cgi-bin/changepw.cgi
   *   Web Console - https://10.40.0.1:10443/manage/webshell
   *   SSH access - https://10.40.0.1:10443/manage/openssh
      GUI settings - https://10.40.0.1:10443/cgi-bin/gui.cgi
      Backup - https://10.40.0.1:10443/cgi-bin/backup.cgi
      Shutdown - https://10.40.0.1:10443/cgi-bin/shutdown.cgi


    Status - https://10.40.0.1:10443/cgi-bin/status.cgi
      
      System status - https://10.40.0.1:10443/cgi-bin/status.cgi
      Network status - https://10.40.0.1:10443/cgi-bin/netstatus.cgi
      System graphs - https://10.40.0.1:10443/cgi-bin/graphs.cgi
      Traffic Graphs - https://10.40.0.1:10443/cgi-bin/graphs.cgi?graph=network
      Proxy graphs - https://10.40.0.1:10443/cgi-bin/graphs.cgi?graph=proxy
      Connections - https://10.40.0.1:10443/cgi-bin/connections.cgi
   *   VPN connections - https://10.40.0.1:10443/manage/vpnauthentication/connection
      SMTP mail statistics - https://10.40.0.1:10443/cgi-bin/mailgraph.cgi
      Mail queue - https://10.40.0.1:10443/cgi-bin/mailqueue.cgi
 
*   Network - https://10.40.0.1:10443/manage/dnsmasq/hosts
   
   *   Edit hosts - https://10.40.0.1:10443/manage/dnsmasq/hosts
      Routing - https://10.40.0.1:10443/cgi-bin/routing.cgi
      
         Static Routing - https://10.40.0.1:10443/cgi-bin/routing.cgi
         Policy Routing - https://10.40.0.1:10443/cgi-bin/policy_routing.cgi
         
      Interfaces - https://10.40.0.1:10443/cgi-bin/uplinkeditor.cgi

*   Services - https://10.40.0.1:10443/manage/dhcp/settings
   
   *   DHCP Server - https://10.40.0.1:10443/manage/dhcp/settings
      
      *   Server configuration - https://10.40.0.1:10443/manage/dhcp/settings
      *   Fixed leases - https://10.40.0.1:10443/manage/dhcp/fixed_leases
      *   Dynamic leases - https://10.40.0.1:10443/manage/dhcp/leases
      
      Dynamic DNS - https://10.40.0.1:10443/cgi-bin/ddns.cgi
      Antivirus Engine - https://10.40.0.1:10443/cgi-bin/clamav.cgi
      Time server - https://10.40.0.1:10443/cgi-bin/clamav.cgi
   *   Intrusion Prevention - https://10.40.0.1:10443/cgi-bin/time.cgi
         
      *   Intrusion Prevention System - https://10.40.0.1:10443/manage/ips
      *   Rules - https://10.40.0.1:10443/manage/ips/rules
      *    Editor - https://10.40.0.1:10443/manage/ips/editor

   *   Traffic Monitoring - https://10.40.0.1:10443/manage/ntop
         
      *   administration interface - https://10.40.0.1:10443/manage/ntopproxy
      
      SNMP Server - https://10.40.0.1:10443/cgi-bin/snmp.cgi
   *   Quality of Service - https://10.40.0.1:10443/manage/qos/devices
      
      *   Devices - https://10.40.0.1:10443/manage/qos/devices
      *   Classes - https://10.40.0.1:10443/manage/qos/classes
      *   Rules - https://10.40.0.1:10443/manage/qos/rules

   Firewall - https://10.40.0.1:10443/cgi-bin/dnat.cgi
   
      Port forwarding / NAT - https://10.40.0.1:10443/cgi-bin/dnat.cgi
         
         Port forwarding / Destination NAT - https://10.40.0.1:10443/cgi-bin/dnat.cgi
         Source NAT - https://10.40.0.1:10443/cgi-bin/snat.cgi
         Incoming routed traffic - https://10.40.0.1:10443/cgi-bin/incoming.cgi
            
      Outgoing traffic - https://10.40.0.1:10443/cgi-bin/outgoingfw.cgi
      Inter-Zone traffic - https://10.40.0.1:10443/cgi-bin/zonefw.cgi
      VPN traffic - https://10.40.0.1:10443/cgi-bin/vpnfw.cgi
      System access - https://10.40.0.1:10443/cgi-bin/xtaccess.cgi
   *   Firewall Diagrams - https://10.40.0.1:10443/manage/firewall/diagram
   
   Proxy - https://10.40.0.1:10443/cgi-bin/proxyconfig.cgi
   
       HTTP - https://10.40.0.1:10443/cgi-bin/proxyconfig.cgi
      
          Configuration - https://10.40.0.1:10443/cgi-bin/proxyconfig.cgi
         Access Policy - https://10.40.0.1:10443/cgi-bin/proxypolicy.cgi
         Authentication - https://10.40.0.1:10443/cgi-bin/proxyauth.cgi
      *   Web Filter - https://10.40.0.1:10443/manage/urlfilter
      *   AD join - https://10.40.0.1:10443/manage/proxy/adjoin
      *   HTTPS Proxy - https://10.40.0.1:10443/manage/proxy/https

      POP3 - https://10.40.0.1:10443/cgi-bin/p3scan.cgi
      FTP - https://10.40.0.1:10443/cgi-bin/frox.cgi
      SMTP - https://10.40.0.1:10443/cgi-bin/smtpconfig.cgi
   *   DNS - https://10.40.0.1:10443/manage/dnsmasq/dnsproxy
      
*   VPN - https://10.40.0.1:10443/manage/openvpn

   *   OpenVPN server - https://192.168.0.1:10443/manage/openvpn
      OpenVPN client (Gw2Gw) - https://192.168.0.1:10443/cgi-bin/openvpnclient.cgi
   *   IPsec - https://192.168.0.1:10443/manage/ipsec
   *   Authentication - https://192.168.0.1:10443/manage/vpnauthentication/user
   *   Certificates - https://192.168.0.1:10443/manage/ca/certificate
   
      *   Certificates - https://192.168.0.1:10443/manage/ca/certificate
      *   Certificate Authority - https://192.168.0.1:10443/manage/ca/certificate_authority
      *   Revoked Certificates - https://192.168.0.1:10443/manage/ca/revoked_certificate
      *   Certificate Revocation List - https://192.168.0.1:10443/manage/ca/crl
 
   Logs and Reports - https://10.40.0.1:10443/cgi-bin/logs_live_list.cgi

      Live Logs - https://192.168.0.1:10443/cgi-bin/logs_live_list.cgi
      Summary - https://192.168.0.1:10443/cgi-bin/logs_summary.cgi
      System - https://192.168.0.1:10443/cgi-bin/logs_log.cgi
      Service - https://192.168.0.1:10443/cgi-bin/logs_ids.cgi

         IDS - https://192.168.0.1:10443/cgi-bin/logs_ids.cgi
         OpenVPN - https://192.168.0.1:10443/cgi-bin/logs_openvpn.cgi
         ClamAV - https://192.168.0.1:10443/cgi-bin/logs_clamav.cgi

      Firewall - https://192.168.0.1:10443/cgi-bin/logs_firewall.cgi
      Proxy - https://192.168.0.1:10443/cgi-bin/logs_proxy.cgi

         HTTP - https://192.168.0.1:10443/cgi-bin/logs_proxy.cgi
         HTTP report - https://192.168.0.1:10443/cgi-bin/sarg.cgi
         SMTP - https://192.168.0.1:10443/cgi-bin/logs_smtp.cgi

      Settings - https://192.168.0.1:10443/cgi-bin/logs_config.cgi
   *   Trusted Timestamping - https://192.168.0.1:10443/manage/opentsa

8
Dev Stuff / Test Rules
« Last post by razwall on January 08, 2025, 02:08:30 PM »
/razwall/config/dnat/config
on,tcp,,any,x.x.x.51:UPLINK:main,,8080,192.168.0.14,8080,DNAT,internal www server,,ACCEPT
on,tcp,,any,x.x.x.51:UPLINK:main,,443,192.168.0.14,443,DNAT,inernal www SSL server,,ACCEPT
on,tcp&udp,,any,x.x.x.54:UPLINK:main,,80&443,192.168.0.46,,DNAT,Mobile Print Server,,ALLOW
on,,,any,x.x.x.53:UPLINK:main,,,192.168.14.2,,DNAT,CCREADER on x.x.x.53,,ALLOW

/razwall/config/incomming/config
on,,,103.79.141.172&172.206.138.254&163.172.204.79&103.77.192.219&104.140.114.110&185.224.128.83&104.250.191.110&114.141.53.82&108.61.246.56&149.28.14.163&194.233.83.109&157.230.221.198&167.99.168.251&185.250.151.72&192.81.208.169&203.160.69.66&211.56.98.146&5.254.43.18&80.92.205.81&79.124.62.182&209.141.60.60&176.58.124.134&194.26.29.11&87.251.75.145&144.172.73.40&192.35.168.128&37.64.150.50&222.186.136.150&193.27.228.27&80.82.65.213&185.132.53.161&185.202.2.68&45.148.10.202&84.54.51.37&152.32.173.15&80.82.77.202&91.92.247.159&184.105.247.252&78.153.140.179&118.193.73.8&115.231.78.3&106.75.166.204&184.105.139.70&91.243.50.206&158.46.145.178&91.92.241.222&194.165.1.22&101.36.97.187&27.222.11.186,,,,DROP,BLOCK'EM,on

/razwall/config/outgoing/config
on,,,198.54.115.49&thluongphu.online,,DROP,,PHISING SITES,,,,
on,,,,,ALLOW,,Allow all PHONE outbound,,lan2,,
on,,,,,ALLOW,,allow lan all TEST,,PHYSDEV:eth0.1,,
on,udp,,,1194,ALLOW,,OUTBOUND OPENVPN,,PHYSDEV:eth0.1,,
on,tcp&udp,,,119&123&13,ACCEPT,,Allow NTP,,,,
on,tcp&udp,,,49152:65535,ALLOW,,ROBLOX PORTS,,,,
on,tcp&udp,,8.8.8.8&8.8.4.4&208.67.222.222&208.67.220.220&185.228.168.168&185.228.169.168&185.228.168.10&185.228.169.11&185.228.168.9&185.228.169.9&x.x.x.130,53,ACCEPT,,allow DNS,,,,
on,tcp,,,80,ALLOW,,allow HTTP,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp,,,443,ALLOW,,allow HTTPS,,lan&lan2&dmz,,
on,tcp,,,21,ALLOW,,allow FTP,,PHYSDEV:eth0.1,,
on,tcp,192.168.0.23&192.168.0.38&192.168.0.60&192.168.1.103&192.168.1.102&192.168.0.114&192.168.0.81&192.168.0.9,,25,ALLOW,,allow SMTP,on,,,
on,tcp,,,110,ALLOW,,allow POP,off,lan,,
on,tcp,,,143,ALLOW,,allow IMAP,,PHYSDEV:eth0.1,,
on,tcp,,,995,ALLOW,,allow POP3s,,PHYSDEV:eth0.1,,
on,tcp,,,993,ALLOW,,allow IMAPs,,PHYSDEV:eth0.1,,
on,icmp,,,8&30,ALLOW,,allow PING,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp&udp,,,6333&5363&6048,ACCEPT,,ALEPH/POLARIS,,,,
on,tcp&udp,,,22&2220,ACCEPT,,web ssh,,,,
on,tcp&udp,,,4433,ACCEPT,,Connie SSL VPN to City,,PHYSDEV:eth0.1,,
on,,,24.111.245.154,,ALLOW,,Supervene All Access,,,,
on,tcp&udp,,,2050:2150,ALLOW,,ODIN Proxy,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp&udp,,,993&465&587,ALLOW,,GMAIL imap ssl,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp,,,843&2221&2222&2227&13207&13217&13227&13237&13247&13257,ALLOW,,ALLOW VUDU STREAMING,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp&udp,,,25&993&587&143&110&995,ALLOW,,Allow Mail Application Ports,,dmz,,
on,tcp&udp,,,1935,ACCEPT,,ADOBE CONNECT,,,,
on,udp,,,1024:65534,DROP,,block torrent ports,on,,,
on,,,192.42.116.41,,DROP,,BLOCK BOTNET OUTBOUND,on,,,
on,,,24.111.245.154,,ACCEPT,,allow all to bryan ip,,,,
on,tcp&udp,,,500&4500&1701&1723,ALLOW,,Guest VPN Out,,dmz,,
on,tcp&udp,,,4435&6667&123&,ALLOW,,PBX SWITCH - NEBULA,on,PHYSDEV:eth0.1,,
on,,,,,ALLOW,,Allow CC outbound for all,,PHYSDEV:eth0.700,,

/razwall/config/routing/config
on,,,UPLINK:main,Failover for LAN to WAN,,,,,,lan2&dmz&PHYSDEV:eth0.1&PHYSDEV:eth0.600&PHYSDEV:eth0.700,on
off,,192.168.0.8&192.168.0.26,192.168.1.1,allow dhcp vlan to lan,,udp,67&68,,,dmz,

/razwall/config/snat/config
on,,192.168.0.14,,,UPLINK:main,SNAT,web.domain.local out .51,,x.x.x.51
on,,192.168.14.0/24,,,UPLINK:main,SNAT,vlan 700 to x.x.x.53 external IP,,x.x.x.53

/razwall/config/vpnfw/config
on,,,,,ALLOW,,,,VPN:gfptohome,lan&dmz

/razwall/config/xtaccess/config
tcp,192.168.0.0/24,22&80&10443,off,,x.x.x.50:UPLINK:main,,INPUTFW,ACCEPT,,
tcp,,22,on,,PHYSDEV:eth0.1,,INPUTFW,ALLOW,,

/razwall/config/zonefw/config
on,,,,,DROP,,BLOCK VLAN1 to VLAN700,,PHYSDEV:eth0.1,PHYSDEV:eth0.700
on,,,,,DROP,,BLOCK VLAN700 to VLAN1,,PHYSDEV:eth0.700,PHYSDEV:eth0.1
on,,,,,ACCEPT,,ALLOW VLAN1 lan to VLAN1 lan,,PHYSDEV:eth0.1,PHYSDEV:eth0.1
on,,,,,ACCEPT,,LAN to PHONES,,PHYSDEV:eth0.1,lan2
on,,,,,ACCEPT,,,,lan&PHYSDEV:eth0.1,dmz&PHYSDEV:eth1.200
on,,,,,ACCEPT,,,,lan2,lan2
on,,,,,ACCEPT,,,,dmz,dmz
on,tcp&udp,,192.168.0.34,7725,ACCEPT,,DEEP FREEZE,,dmz,
on,tcp&udp,,192.168.0.2&192.168.0.3&,53,ALLOW,,INTERNAL DNS LOOKUPS,,dmz,
on,tcp,,192.168.0.14,80,ALLOW,,,,dmz,
on,tcp&udp,,192.168.0.33,1688,ACCEPT,,Allow KMS Activation,,dmz,
on,tcp,192.168.1.102&192.168.1.103,192.168.0.19,25,ALLOW,,allow checks to send mail from LAN,,,
on,tcp,,192.168.0.82,80,ALLOW,,CaptivePortalTest,,dmz,
9
Dev Stuff / uplink status JSON response
« Last post by razwall on January 08, 2025, 02:04:37 PM »
{
   "cacheHitAt": 1731600455.4530821,
   "cachedOn": 1731600454.6696789,
   "time": 1731600454.66975,
   "uplinks": [
      {
         "status": "ACTIVE",
         "defaultGatewayTimestamp": 1731349117.8499999,
         "managed": "on",
         "shouldBeUp": true,
         "canStart": true,
         "isLinkAlive": true,
         "data": {
            "name": "'Main uplink'",
            "ip": "x.x.x.x",
            "last_retry": "",
            "interface": "eth3",
            "type": "STATIC",
            "gateway": "x.x.x.x"
         },
         "defaultGateway": true,
         "uptime": "2d 21h 50m 14s",
         "name": "main",
         "isLinkActive": true,
         "enabled": "on",
         "autostart": "on",
         "hasChanged": true
      },
      {
         "status": "ACTIVE",
         "defaultGatewayTimestamp": -1,
         "managed": "on",
         "shouldBeUp": true,
         "canStart": true,
         "isLinkAlive": true,
         "data": {
            "name": "'WAN2'",
            "ip": "x.x.x.x",
            "last_retry": "",
            "interface": "eth2",
            "type": "DHCP",
            "gateway": "x.x.x.x"
         },
         "defaultGateway": false,
         "uptime": "2d 21h 49m 37s",
         "name": "uplink1",
         "isLinkActive": true,
         "enabled": "on",
         "autostart": "on",
         "hasChanged": true
      }
   ],
   "cached": true
}

{
   "cacheHitAt":1735250063,
   "cached":true,
   "time":1735250063,
   "cachedOn":1735250063,
   "uplinks": [
      {
         "managed":"on",
         "defaultGatewayTimestamp":"1731349077",
         "isLinkAlive":true,
         "enabled":"on",
         "name":"uplink1",
         "shouldBeUp":true,
         "uptime":"9d 3h 30m 48s",
         "data": {
            "last_retry":"",
            "ip":"x.x.x.x",
            "name":"'WAN2'",
            "type":"DHCP",
            "gateway":"x.x.x.x",
            "interface":"eth2"
         },
         "isLinkActive":true,
         "autostart":"on",
         "defaultGateway":false,
         "status":"ACTIVE",
         "hasChanged":true,
         "canStart":true
      },
      {
         "autostart":"on",
         "defaultGateway":true,
         "isLinkActive":true,
         "status":"ACTIVE",
         "hasChanged":true,
         "canStart":true,
         "managed":"on",
         "defaultGatewayTimestamp":"1731349040",
         "isLinkAlive":true,
         "enabled":"on",
         "name":"main",
         "shouldBeUp":true,
         "uptime":"9d 3h 30m 48s",
         "data": {
            "type":"STATIC",
            "gateway":"x.x.x.x",
            "ip":"x.x.x.x",
            "name":"'Main uplink'",
            "last_retry":"",
            "interface":"eth3"
         }
      }
   ]
}
10
Dev Stuff / Endian ip chains
« Last post by razwall on January 08, 2025, 02:02:43 PM »
Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy ACCEPT)
Chain ALLOW (109 references)
Chain ALLOW_HOOKS (1 references)
Chain BADTCP (2 references)
Chain BADTCP_LOGDROP (11 references)
Chain CUSTOMFORWARD (1 references)
Chain CUSTOMINPUT (1 references)
Chain CUSTOMOUTPUT (1 references)
Chain HAFORWARD (1 references)
Chain HANDLE_ESTABLISHED (2 references)
Chain ICMP_LOGDROP (2 references)
Chain INCOMINGFW (1 references)
Chain INPUTFW (13 references)
Chain INPUTFW_LOGDROP (12 references)
Chain INPUTTRAFFIC (1 references)
Chain LOG_FORWARD (1 references)
Chain LOG_INPUT (1 references)
Chain NEWNOTSYN (0 references)
Chain NEWNOTSYN_LOGDROP (2 references)
Chain OPENVPNCLIENTDHCP (1 references)
Chain OPENVPNDHCP (1 references)
Chain OUTGOINGFW (1 references)
Chain PORTFWACCESS (1 references)
Chain PROXYIN (1 references)
Chain PROXYOUT (1 references)
Chain PROXYOUTGOINGFW (62 references)
Chain QUEUEFW (1 references)
Chain REDINPUT (1 references)
Chain VPNFW (19 references)
Chain VPNFWBRIDGE (1 references)
Chain VPNFWDST (0 references)
Chain VPNFW_LOGDROP (19 references)
Chain VPNTRAFFIC (1 references)
Chain VPN_AS (1 references)
Chain ZONEFW (9 references)
Chain ZONEFW_LOGDROP (9 references)
Chain ZONETRAFFIC (1 references)