Recent Posts

1
News / update 9-2-2025
« Last post by razwall on September 02, 2025, 09:01:53 PM »
Well hello everyone, I'm sorry it's been a while! Great news, I have hit a major milestone tonight. The current dev build has a bunch of working features:

Console UI login is tied to web UI login
Console UI displays LAN/WAN status with automatic updates
WebUI can create vlans
WebUI can create zones from physical or vlan interfaces
All configs are stored in razwall-master.json
All modifications are stored in razwall-queue.json prior to applying
Applying pending changes successfully tears down and rebuilds the network interfaces, bridges, vlans, statics, DHCP
Firewall rules are also built automatically from JSON
All network startup is controlled by RazWall using razwall-master.json
Websocket services are no longer dependent on port 4000, instead they are proxied so the up can change and access depends on auth

What's left:

Display, add, remove, delete, sort rules using the new JSON format data
Build out DHCP server(s)
Network setup fix for console

Once these are done, I will release the ISO and this will be a working version!

Other features I want in the final release:

OpenVPN (P2P, Client)
VPN user management
Internal DNS filtering
Firewall log viewer (logging is already built into the rule building programs)
WolfSSL for FIPS compliant deployments

Future additions:
IPV6 options for each interface and firewall zone
Add Snort back into the mix

Revise forum registration and open back up for new members to join the project. We might move this project to GitHub for support and development. The code is already there, might as well leverage the security to stop all the bots.

2
Dev Stuff / Re: Config JSON structure testing
« Last post by razwall on August 29, 2025, 02:50:39 PM »
{
  "access" : [
      {
        "enabled" : true,
        "protocol" : [ "tcp" ],
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "fw" ],
        "dst_port" : [ "22" ],
        "remark" : "Allow SSH from LAN",
        "filter_target" : "ACCEPT",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "tcp" ],
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "fw" ],
        "dst_port" : [ "443" ],
        "remark" : "Allow HTTPS from LAN",
        "filter_target" : "ACCEPT",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "tcp" ],
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "fw" ],
        "dst_port" : [ "80" ],
        "remark" : "Allow HTTP from LAN",
        "filter_target" : "ACCEPT",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "udp" ],
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "fw" ],
        "dst_port" : [ "67","68" ],
        "remark" : "Allow DHCP on LAN",
        "filter_target" : "ACCEPT",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "udp","tcp" ],
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "fw" ],
        "dst_port" : [ "53" ],
        "remark" : "Allow DNS on LAN",
        "filter_target" : "ACCEPT",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "udp" ],
        "src_dev" : [ "eth1" ],
        "dst_dev" : [ "fw" ],
        "dst_port" : [ "1194" ],
        "remark" : "Allow OpenVPN on WAN",
        "filter_target" : "ACCEPT",
        "log" : false
      }
  ],
  "bridges" : {
      "br0" : { "interfaces" : [ "eth0" ] }
  },
  "dhcp" : [],
  "dnat" : [
      {
        "enabled" : true,
        "protocol" : [ "tcp" ],
        "src_dev" : [ "eth1" ],
        "dst_ip" : [ "X.X.X.X" ],
        "dst_port" : [ "80" ],
        "target_ip" : [ "192.168.19.87" ],
        "target_port" : [ "80" ],
        "remark" : "WAN HTTP to internal webserver",
        "filter_target" : "ACCEPT",
        "nat_target" : "DNAT",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "tcp" ],
        "src_dev" : [ "eth1" ],
        "dst_ip" : [ "X.X.X.X" ],
        "dst_port" : [ "443" ],
        "target_ip" : [ "192.168.19.87" ],
        "target_port" : [ "443" ],
        "remark" : "WAN HTTPS to internal webserver",
        "filter_target" : "ACCEPT",
        "nat_target" : "DNAT",
        "log" : false
      }
  ],
  "hosts" : [],
  "interfaces" : {
      "physical" : [ "eth0","eth1","lo" ],
      "virtual" : []
  },
  "out" : [
      {
        "enabled" : true,
        "protocol" : [ "tcp" ],
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "eth1" ],
        "dst_port" : [ "80","443" ],
        "remark" : "Allow LAN outbound web",
        "filter_target" : "ACCEPT",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "all" ],
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "eth1" ],
        "remark" : "Block all other outbound from LAN",
        "filter_target" : "DROP",
        "log" : false
      }
  ],
  "routing" : [
      {
        "type" : "default",
        "via" : "<GW1 IP>",
        "dev" : "eth1",
        "remark" : "Default WAN route"
      }
  ],
  "snat" : [
      {
        "enabled" : true,
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "eth1" ],
        "nat_target" : "SNAT",
        "remark" : "MASQUERADE LAN1 to WAN1"
      },
      {
        "enabled" : true,
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "eth2" ],
        "nat_target" : "SNAT",
        "remark" : "MASQUERADE LAN1 to WAN2"
      }
  ],
  "users" : {
      "Admin" : "admin:$apr1$qci0smug$50y/xw0j8s7vsUmW421Zi."
  },
  "vpnfw" : [
      {
        "enabled" : true,
        "protocol" : [ "tcp" ],
        "src_dev" : [ "tun0" ],
        "dst_dev" : [ "br0" ],
        "dst_port" : [ "3389" ],
        "remark" : "VPN to LAN1 RDP",
        "filter_target" : "ACCEPT",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "tcp" ],
        "src_dev" : [ "tun0" ],
        "dst_dev" : [ "br1" ],
        "dst_port" : [ "445" ],
        "remark" : "VPN to LAN2 SMB",
        "filter_target" : "ACCEPT",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "all" ],
        "src_dev" : [ "tun0" ],
        "dst_dev" : [ "br0" ],
        "remark" : "Block VPN to LAN1",
        "filter_target" : "DROP",
        "log" : false
      },
      {
        "enabled" : true,
        "protocol" : [ "all" ],
        "src_dev" : [ "tun0" ],
        "dst_dev" : [ "br1" ],
        "remark" : "Block VPN to LAN2",
        "filter_target" : "DROP",
        "log" : false
      }
  ],
  "vpns" : [],
  "vusers" : [],
  "zfw" : [
      {
        "enabled" : true,
        "protocol" : [ "tcp" ],
        "src_dev" : [ "br0" ],
        "dst_dev" : [ "br1" ],
        "dst_port" : [ "3389" ],
        "remark" : "LAN1 to LAN2 RDP",
        "filter_target" : "ACCEPT",
        "log" : false
      }
  ],
  "zones" : {
      "LAN" : {
        "ZADDITIONAL" : "",
        "ZADDRESS" : "192.168.55.1",
        "ZCOLOR" : "#00ff00",
        "ZDESC" : "Primary Network",
        "ZDHCP" : "off",
        "ZIFACE" : "eth0",
        "ZNETMASK" : "/24",
        "ZSTRING" : "LAN",
        "ZTYPE" : "LAN"
      },
      "LOCAL" : {
        "ZADDITIONAL" : "",
        "ZADDRESS" : "",
        "ZCOLOR" : "black",
        "ZDESC" : "Local Loopback Adapter",
        "ZDHCP" : "off",
        "ZIFACE" : "lo",
        "ZNETMASK" : "",
        "ZSTRING" : "loopback",
        "ZTYPE" : "LOOPBACK"
      },
      "WAN" : {
        "ZADDITIONAL" : "",
        "ZADDRESS" : "",
        "ZCOLOR" : "red",
        "ZDESC" : "Primary Internet Connection",
        "ZDHCP" : "on",
        "ZIFACE" : "eth1",
        "ZNETMASK" : "",
        "ZSTRING" : "WAN",
        "ZTYPE" : "WAN"
      }
  }
}
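Added example, not part of the original post and not RazWall's own code: one way to turn rule objects in this JSON shape into iptables commands while validating every field before anything is built. The mapping of `dst_dev` "fw" to the INPUT chain, the `KNOWN_IFACES` set and all function names are assumptions made for illustration.

```python
import json
import re

# Constructed input in the shape of the "access"/"out" entries above; the last
# entry names a source device that is not an interface at all.
SAMPLE_RULES = json.loads("""[
 {"enabled": true, "protocol": ["udp", "tcp"], "src_dev": ["br0"], "dst_dev": ["fw"],
  "dst_port": ["53"], "remark": "Allow DNS on LAN", "filter_target": "ACCEPT", "log": false},
 {"enabled": true, "protocol": ["tcp"], "src_dev": ["br0"], "dst_dev": ["eth1"],
  "dst_port": ["80", "443"], "remark": "Allow LAN outbound web", "filter_target": "ACCEPT", "log": true},
 {"enabled": true, "protocol": ["tcp"], "src_dev": ["br0;id"], "dst_dev": ["fw"],
  "dst_port": ["22"], "remark": "bad device", "filter_target": "ACCEPT", "log": false}
]""")

KNOWN_IFACES = {"br0", "eth0", "eth1", "lo"}  # assumed: from "bridges" and "interfaces"
PROTOCOLS = {"tcp", "udp", "all"}
TARGETS = {"ACCEPT", "DROP", "REJECT"}


class RuleError(ValueError):
    """A rule object failed validation; nothing is rendered for it."""


def check_port(value):
    if isinstance(value, str) and re.fullmatch(r"[0-9]{1,5}", value) and 1 <= int(value) <= 65535:
        return value
    raise RuleError(f"bad port: {value!r}")


def check_iface(name):
    if name in KNOWN_IFACES:  # allow-list lookup, not a character filter
        return name
    raise RuleError(f"unknown interface: {name!r}")


def render_rule(rule):
    """Translate one rule object into a list of iptables argv lists."""
    if rule.get("enabled") is not True:
        return []
    target = rule.get("filter_target")
    protocols = rule.get("protocol") or ["all"]
    if target not in TARGETS or not set(protocols) <= PROTOCOLS:
        raise RuleError("bad filter_target or protocol")
    ports = [check_port(p) for p in rule.get("dst_port", [])]
    if ports and "all" in protocols:
        raise RuleError("dst_port needs protocol tcp or udp")
    commands = []
    for src in rule["src_dev"]:
        for dst in rule["dst_dev"]:
            # Assumption: dst_dev "fw" is the firewall itself, so the INPUT chain.
            if dst == "fw":
                base = ["iptables", "-A", "INPUT", "-i", check_iface(src)]
            else:
                base = ["iptables", "-A", "FORWARD", "-i", check_iface(src), "-o", check_iface(dst)]
            for proto in protocols:
                match = base + (["-p", proto] if proto != "all" else [])
                if len(ports) == 1:
                    match += ["--dport", ports[0]]
                elif ports:
                    match += ["-m", "multiport", "--dports", ",".join(ports)]
                if rule.get("log") is True:
                    # LOG goes before the verdict; remark is cut down to safe characters.
                    prefix = re.sub(r"[^A-Za-z0-9 _-]", "", str(rule.get("remark", "")))[:28]
                    commands.append(match + ["-j", "LOG", "--log-prefix", prefix + " ",
                                             "--log-level", "4"])
                commands.append(match + ["-j", target])
    return commands


def render_all(rules):
    """Render every rule; a non-empty error list means apply nothing."""
    commands, errors = [], []
    for index, rule in enumerate(rules):
        try:
            commands.extend(render_rule(rule))
        except (RuleError, KeyError, TypeError) as exc:
            errors.append((index, str(exc)))
    return commands, errors
```

Each returned list is meant to be handed to `subprocess.run(argv)` without a shell, so a field value is never parsed as shell syntax.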
3
Dev Stuff / Re: Config JSON structure testing
« Last post by razwall on August 29, 2025, 02:43:00 PM »
updated sample...

{
  "access" : [],
  "bridges" : {
      "br0" : {
        "interfaces" : [
            "eth0"
        ]
      }
  },
  "dhcp" : [],
  "dnat" : [
      {
        "collapsed" : true,
        "dst_dev" : [],
        "dst_ip" : [
            "X.X.X.X"
        ],
        "dst_port" : [
            "80"
        ],
        "enabled" : true,
        "filter_target" : "ACCEPT",
        "ip_version" : "4",
        "log" : true,
        "nat_target" : "DNAT",
        "protocol" : [
            "tcp"
        ],
        "remark" : "HTTP Example",
        "src_dev" : [],
        "src_ip" : [
            "any"
        ],
        "target_ip" : [
            "192.168.19.87"
        ],
        "target_port" : [
            "80"
        ]
      },
      {
        "collapsed" : true,
        "dst_dev" : [],
        "dst_ip" : [
            "X.X.X.X"
        ],
        "dst_port" : [
            "22"
        ],
        "enabled" : true,
        "filter_target" : "ACCEPT",
        "ip_version" : "4",
        "log" : true,
        "nat_target" : "DNAT",
        "protocol" : [
            "tcp"
        ],
        "remark" : "SSL Example",
        "src_dev" : [],
        "src_ip" : [
            "X.X.X.X"
        ],
        "target_ip" : [
            "192.168.19.87"
        ],
        "target_port" : [
            "22"
        ]
      },
      {
        "collapsed" : true,
        "dst_dev" : [],
        "dst_ip" : [
            "X.X.X.X"
        ],
        "dst_port" : [
            "53"
        ],
        "enabled" : true,
        "filter_target" : "ACCEPT",
        "ip_version" : "4",
        "log" : true,
        "nat_target" : "DNAT",
        "protocol" : [
            "tcp",
            "udp"
        ],
        "remark" : "DNS Example",
        "src_dev" : [],
        "src_ip" : [
            "any"
        ],
        "target_ip" : [
            "192.168.19.87"
        ],
        "target_port" : [
            "53"
        ]
      }
  ],
  "hosts" : [],
  "interfaces" : {
      "physical" : [
        "eth0",
        "eth1",
        "lo"
      ],
      "virtual" : []
  },
  "out" : [],
  "routing" : [],
  "snat" : [],
  "users" : {
      "Admin" : "admin:$apr1$qci0smug$50y/xw0j8s7vsUmW421Zi."
  },
  "vpnfw" : [],
  "vpns" : [],
  "vusers" : [],
  "zfw" : [],
  "zones" : {
      "LAN" : {
        "ZADDITIONAL" : "",
        "ZADDRESS" : "192.168.55.1",
        "ZCOLOR" : "#00ff00",
        "ZDESC" : "Primary Network",
        "ZDHCP" : "off",
        "ZIFACE" : "eth0",
        "ZNETMASK" : "/24",
        "ZSTRING" : "LAN",
        "ZTYPE" : "LAN"
      },
      "LOCAL" : {
        "ZADDITIONAL" : "",
        "ZADDRESS" : "",
        "ZCOLOR" : "black",
        "ZDESC" : "Local Loopback Adapter",
        "ZDHCP" : "off",
        "ZIFACE" : "lo",
        "ZNETMASK" : "",
        "ZSTRING" : "loopback",
        "ZTYPE" : "LOOPBACK"
      },
      "WAN" : {
        "ZADDITIONAL" : "",
        "ZADDRESS" : "",
        "ZCOLOR" : "red",
        "ZDESC" : "Primary Internet Connection",
        "ZDHCP" : "on",
        "ZIFACE" : "eth1",
        "ZNETMASK" : "",
        "ZSTRING" : "WAN",
        "ZTYPE" : "WAN"
      }
  }
}
4
Dev Stuff / Rules, Order, Samples, Routes - test configs
« Last post by razwall on August 29, 2025, 02:40:32 PM »
# =========================
# 1 Flush existing tables
# =========================
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# =========================
# 2 Enable IP forwarding
# =========================
echo 1 > /proc/sys/net/ipv4/ip_forward

# =========================
# 3 Default Policies
# =========================
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# =========================
# 4 Allow loopback interface
# =========================
iptables -A INPUT -i lo -j ACCEPT
#iptables -A INPUT -i lo -j LOG --log-prefix "ALLOW LOOPBACK IN " --log-level 4
iptables -A OUTPUT -o lo -j ACCEPT
#iptables -A OUTPUT -o lo -j LOG --log-prefix "ALLOW LOOPBACK OUT " --log-level 4

# =========================
# 5 Allow established/related
# =========================
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j LOG --log-prefix "ALLOW EST/REL IN " --log-level 4
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j LOG --log-prefix "ALLOW EST/REL FWD " --log-level 4

# =========================
# 6 Allow LAN traffic
# =========================
iptables -A INPUT -i br0 -j ACCEPT
#iptables -A INPUT -i br0 -j LOG --log-prefix "ALLOW LAN1 INPUT " --log-level 4
iptables -A FORWARD -i br0 -o eth1 -j ACCEPT
#iptables -A FORWARD -i br0 -o eth1 -j LOG --log-prefix "ALLOW LAN1->WAN1 " --log-level 4

    # 6.5 - OPTIONAL: Allow LAN -> Additional WANs
    iptables -A FORWARD -i br0 -o eth2 -j ACCEPT
    #iptables -A FORWARD -i br0 -o eth2 -j LOG --log-prefix "ALLOW LAN1->WAN2 " --log-level 4

# =========================
# 7 SYSTEM ACCESS RULES
# =========================
# (Firewall-hosted services: SSH/HTTP/HTTPS/DHCP/DNS/OpenVPN)
# By default: only Primary LAN (br0) has access.

    # Management Access
    iptables -A INPUT -i br0 -p tcp --dport 22 -j ACCEPT
    #iptables -A INPUT -i br0 -p tcp --dport 22 -j LOG --log-prefix "ALLOW SSH br0 " --log-level 4

    iptables -A INPUT -i br0 -p tcp --dport 443 -j ACCEPT
    #iptables -A INPUT -i br0 -p tcp --dport 443 -j LOG --log-prefix "ALLOW HTTPS br0 " --log-level 4

    iptables -A INPUT -i br0 -p tcp --dport 80 -j ACCEPT
    #iptables -A INPUT -i br0 -p tcp --dport 80 -j LOG --log-prefix "ALLOW HTTP br0 " --log-level 4

    # Infrastructure Services
    iptables -A INPUT -i br0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
    #iptables -A INPUT -i br0 -p udp --dport 67:68 --sport 67:68 -j LOG --log-prefix "ALLOW DHCP br0 " --log-level 4
    iptables -A INPUT -i br1 -p udp --dport 67:68 --sport 67:68 -j ACCEPT  # OPTIONAL
    #iptables -A INPUT -i br1 -p udp --dport 67:68 --sport 67:68 -j LOG --log-prefix "ALLOW DHCP br1 " --log-level 4

    iptables -A INPUT -i br0 -p udp --dport 53 -j ACCEPT
    #iptables -A INPUT -i br0 -p udp --dport 53 -j LOG --log-prefix "ALLOW DNS-UDP br0 " --log-level 4
    iptables -A INPUT -i br0 -p tcp --dport 53 -j ACCEPT
    #iptables -A INPUT -i br0 -p tcp --dport 53 -j LOG --log-prefix "ALLOW DNS-TCP br0 " --log-level 4

    # VPN Access
    iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
    #iptables -A INPUT -i eth1 -p udp --dport 1194 -j LOG --log-prefix "ALLOW OpenVPN WAN " --log-level 4

# =========================
# 8 DNAT RULES (Port Forwards)
# =========================
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.19.87:80
iptables -A FORWARD -p tcp -d 192.168.19.87 --dport 80 -j ACCEPT
#iptables -A FORWARD -p tcp -d 192.168.19.87 --dport 80 -j LOG --log-prefix "DNAT HTTP->WebSrv " --log-level 4

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to-destination 192.168.19.87:443
iptables -A FORWARD -p tcp -d 192.168.19.87 --dport 443 -j ACCEPT
#iptables -A FORWARD -p tcp -d 192.168.19.87 --dport 443 -j LOG --log-prefix "DNAT HTTPS->WebSrv " --log-level 4

# =========================
# 9 ZONE FIREWALL (LAN ↔ LAN)
# =========================
iptables -A FORWARD -i br0 -o br1 -p tcp --dport 3389 -j ACCEPT
#iptables -A FORWARD -i br0 -o br1 -p tcp --dport 3389 -j LOG --log-prefix "ALLOW RDP br0->br1 " --log-level 4

iptables -A FORWARD -i br0 -o br1 -p tcp -d 192.168.20.50 --dport 3389 -j ACCEPT
#iptables -A FORWARD -i br0 -o br1 -p tcp -d 192.168.20.50 --dport 3389 -j LOG --log-prefix "ALLOW RDP br0->host " --log-level 4

iptables -A FORWARD -i br0 -s 192.168.10.100 -o br1 -p tcp -d 192.168.20.50 --dport 3389 -j ACCEPT
#iptables -A FORWARD -i br0 -s 192.168.10.100 -o br1 -p tcp -d 192.168.20.50 --dport 3389 -j LOG --log-prefix "ALLOW RDP host->host " --log-level 4

# =========================
# 10 VPN FIREWALL (TUN/TAP)
# =========================
iptables -A FORWARD -i tun0 -o br0 -p tcp --dport 3389 -j ACCEPT
#iptables -A FORWARD -i tun0 -o br0 -p tcp --dport 3389 -j LOG --log-prefix "ALLOW VPN->LAN1 RDP " --log-level 4

iptables -A FORWARD -i tun0 -o br1 -p tcp --dport 445 -j ACCEPT
#iptables -A FORWARD -i tun0 -o br1 -p tcp --dport 445 -j LOG --log-prefix "ALLOW VPN->LAN2 SMB " --log-level 4

iptables -A FORWARD -i tun0 -s 10.8.0.25 -o br0 -p tcp -d 192.168.10.50 --dport 3389 -j ACCEPT
#iptables -A FORWARD -i tun0 -s 10.8.0.25 -o br0 -p tcp -d 192.168.10.50 --dport 3389 -j LOG --log-prefix "ALLOW VPNclient->LANhost RDP " --log-level 4

iptables -A FORWARD -i tun0 -o br0 -j DROP
#iptables -A FORWARD -i tun0 -o br0 -j LOG --log-prefix "DROP VPN->LAN1 " --log-level 4

iptables -A FORWARD -i tun0 -o br1 -j DROP
#iptables -A FORWARD -i tun0 -o br1 -j LOG --log-prefix "DROP VPN->LAN2 " --log-level 4

# =========================
# 11 OUTBOUND FIREWALL (Optional)
# =========================
iptables -A FORWARD -i br0 -o eth1 -p tcp -m multiport --dports 80,443 -j ACCEPT
#iptables -A FORWARD -i br0 -o eth1 -p tcp -m multiport --dports 80,443 -j LOG --log-prefix "ALLOW LAN1->WAN1 WEB " --log-level 4

iptables -A FORWARD -i br0 -o eth1 -j DROP
#iptables -A FORWARD -i br0 -o eth1 -j LOG --log-prefix "DROP LAN1->WAN1 " --log-level 4

# =========================
# 12 SNAT RULES (Outbound NAT)
# =========================
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth1 -j LOG --log-prefix "SNAT LAN1->WAN1 " --log-level 4

iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth2 -j LOG --log-prefix "SNAT LAN1->WAN2 " --log-level 4

# =========================
# 13 Hygiene: Drop invalid packets
# =========================
iptables -A INPUT -m state --state INVALID -j DROP
#iptables -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID IN " --log-level 4

iptables -A FORWARD -m state --state INVALID -j DROP
#iptables -A FORWARD -m state --state INVALID -j LOG --log-prefix "DROP INVALID FWD " --log-level 4

# =========================
# 14 Catch-All Logging (Optional)
# =========================
#iptables -A INPUT -j LOG --log-prefix "DROP INPUT CATCH-ALL " --log-level 4
#iptables -A FORWARD -j LOG --log-prefix "DROP FORWARD CATCH-ALL " --log-level 4

# =========================
# 15 Routing (Default/Failover/Load-Balance)
# =========================
# Single WAN default
ip route replace default via <GW1 IP> dev eth1

# OR load balance across 2 WANs
ip route replace default nexthop via <GW1 IP> dev eth1 weight 2 \
                          nexthop via <GW2 IP> dev eth2 weight 1

# OR failover setup
ip route replace default via <GW1 IP> dev eth1 metric 100
ip route replace default via <GW2 IP> dev eth2 metric 200

# =========================
# 16 Custom Routes (Per-IP / Multi-WAN)
# =========================
# Example: Force traffic to 203.0.113.50 to exit via WAN1 with specific IP
iptables -t nat -A POSTROUTING -o eth1 -d X.X.X.X -j SNAT --to-source <WAN_IP_2>
ip route add 203.0.113.50 via <GW1 IP> dev eth1

# Example: Route traffic to a specific subnet via WAN2
ip route add 198.51.100.0/24 via <GW2 IP> dev eth2

# Example: Map internal host to use a dedicated WAN IP
iptables -t nat -A POSTROUTING -s 192.168.19.100 -o eth1 -j SNAT --to-source <WAN_IP_3>
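Added example, not part of the original post or of RazWall: iptables evaluates a chain top to bottom and stops at the first terminating match, so a broad rule placed early decides the packet before a later, narrower rule is reached. The check below parses `-A` lines and reports rules that an earlier rule already covers, using FORWARD rules from the script above as input; the function names and the simplified matching (one value per option, no `!` negation) are assumptions.

```python
import shlex

# FORWARD rules taken, in order, from sections 5, 6, 10 and 11 of the script above.
RULES = """\
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i br0 -o eth1 -j ACCEPT
iptables -A FORWARD -i tun0 -o br0 -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -i tun0 -o br0 -j DROP
iptables -A FORWARD -i br0 -o eth1 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A FORWARD -i br0 -o eth1 -j DROP
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal


def parse_rule(line):
    """Parse an 'iptables ... -A CHAIN ...' line; return None for anything else.

    Assumption: every option takes exactly one value and no '!' negation is
    used, which holds for the rules in the post.
    """
    if not line.lstrip().startswith("iptables"):
        return None  # comments, 'ip route' lines, blank lines
    tokens = shlex.split(line, comments=True)
    if "-A" not in tokens:
        return None  # -F, -X, -P and similar
    opts = tokens[1:]
    if len(opts) % 2 or "!" in opts:
        raise ValueError(f"unsupported rule syntax: {line.strip()}")
    rule = {"table": "filter", "chain": None, "target": None,
            "match": {}, "text": line.strip()}
    for flag, value in zip(opts[0::2], opts[1::2]):
        if flag == "-t":
            rule["table"] = value
        elif flag == "-A":
            rule["chain"] = value
        elif flag == "-j":
            rule["target"] = value
        elif flag != "-m":  # "-m state" only loads a module; its options follow
            rule["match"][flag] = value
    return rule


def covers(earlier, later):
    """True if every packet that `later` matches was already decided by `earlier`."""
    return ((earlier["table"], earlier["chain"]) == (later["table"], later["chain"])
            and earlier["target"] in TERMINATING
            and all(later["match"].get(flag) == value
                    for flag, value in earlier["match"].items()))


def find_shadowed(script):
    """Return one finding per rule that an earlier rule makes unreachable."""
    rules = [r for r in map(parse_rule, script.splitlines()) if r]
    findings = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if covers(earlier, later):
                findings.append({
                    "rule": later["text"],
                    "shadowed_by": earlier["text"],
                    # An ACCEPT hiding a DROP (or the reverse) changes policy.
                    "verdict_changes": earlier["target"] != later["target"],
                })
                break
    return findings


if __name__ == "__main__":
    for finding in find_shadowed(RULES):
        print(finding)
```

Findings with `verdict_changes` set are the ones to review first, since the later rule's intent never takes effect.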
5
Dev Stuff / LB and FO rules and routes
« Last post by razwall on August 04, 2025, 02:36:36 PM »
Fail Over:

SNAT
iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE
iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE

ROUTING
ip route replace default via (WAN1 GW ADDRESS) dev ethX metric 100
ip route replace default via (WAN2 GW ADDRESS) dev ethX metric 200

Load Balance:

ROUTING
ip route replace default \
nexthop via xx.xx.xx.xx dev ethX weight 2 \
nexthop via xx.xx.xx.xx dev ethX weight 1

ACTIVE ROUTE CHECK
ip route show default
6
Dev Stuff / Re: Config JSON structure testing
« Last post by techdevel2 on August 03, 2025, 03:35:27 AM »
Hi,
Good to see the progress with dynamic ZONE creation as the default feature. I came across the IPFire code related to zone creation, which is done by the "setup" program/module while installing it. Basically it is written in C, which does the zone creation related steps, interface assignment, etc. [here is the link: https://github.com/ipfire/ipfire-2.x/blob/master/src/setup/networking.c]. I am thinking of changing this bottleneck for IPFire, though I am not good at advanced C programming [it is already mentioned by the IPFire author: https://www.ipfire.org/docs/roadmap/get-rid-of-configtype-in-network-config]. Actually, I am impressed with IPFire because of its build system, which gives freedom for anything as per the developer/user expertise.
Well, I am also waiting for your distro as well. It would be good if you made a roadmap of the different tasks and asked others on the forum for the development. This will definitely reduce the burden on you and also give others the opportunity to contribute.
7
Dev Stuff / Config JSON structure testing
« Last post by razwall on July 29, 2025, 11:25:06 AM »
{
  "bridges" : {
      "br0" : {
        "interface" : "eth0",
        "interfaces" : [
            "eth0"
        ]
      },
      "br1" : {
        "interface" : "eth7",
        "interfaces" : [
            "eth7"
        ]
      },
      "br2" : {
        "interface" : "br0.200",
        "interfaces" : [
            "br0.200"
        ]
      },
      "br3" : {
        "interface" : "eth2.200",
        "interfaces" : [
            "eth2.200"
        ]
      },
      "br4" : {
        "interfaces" : [
            "eth0.500"
        ]
      }
  },
  "dnat" : [
      {
        "collapsed" : true,
        "dst_dev" : [],
        "dst_ip" : [
            "xx.xxx.xx.xx"
        ],
        "dst_port" : [
            "80"
        ],
        "enabled" : true,
        "filter_target" : "ACCEPT",
        "ip_version" : "4",
        "log" : true,
        "nat_target" : "DNAT",
        "protocol" : [
            "tcp"
        ],
        "remark" : "HTTP Example",
        "src_dev" : [],
        "src_ip" : [
            "any"
        ],
        "target_ip" : [
            "192.168.19.87"
        ],
        "target_port" : [
            "80"
        ]
      },
      {
        "collapsed" : true,
        "dst_dev" : [],
        "dst_ip" : [
            "xx.xxx.xx.xx"
        ],
        "dst_port" : [
            "22"
        ],
        "enabled" : true,
        "filter_target" : "ACCEPT",
        "ip_version" : "4",
        "log" : true,
        "nat_target" : "DNAT",
        "protocol" : [
            "tcp"
        ],
        "remark" : "SSL Example",
        "src_dev" : [],
        "src_ip" : [
            "xx.xxx.xx.xx"
        ],
        "target_ip" : [
            "192.168.19.87"
        ],
        "target_port" : [
            "22"
        ]
      },
      {
        "collapsed" : true,
        "dst_dev" : [],
        "dst_ip" : [
            "24.111.67.50"
        ],
        "dst_port" : [
            "53"
        ],
        "enabled" : true,
        "filter_target" : "ACCEPT",
        "ip_version" : "4",
        "log" : true,
        "nat_target" : "DNAT",
        "protocol" : [
            "tcp",
            "udp"
        ],
        "remark" : "DNS Example",
        "src_dev" : [],
        "src_ip" : [
            "any"
        ],
        "target_ip" : [
            "192.168.19.87"
        ],
        "target_port" : [
            "53"
        ]
      }
  ],
  "interfaces" : {
      "physical" : [
        "eth0",
        "eth1",
        "eth2",
        "eth3",
        "eth4",
        "eth5",
        "eth6",
        "eth7",
        "lo"
      ],
      "virtual" : [
        "eth2.200",
        "eth0.500"
      ]
  },
  "users" : {
      "Admin" : "admin:REMOVED"
  },
  "zones" : {
      "LAN" : {
        "ZADDITIONAL" : "",
        "ZADDRESS" : "",
        "ZCOLOR" : "green",
        "ZDESC" : "Primary LAN Network",
        "ZDHCP" : "off",
        "ZIFACE" : "eth0",
        "ZNETMASK" : "",
        "ZSTRING" : "LAN",
        "ZTYPE" : "LAN"
      },
      "LOCAL" : {
        "ZCOLOR" : "black",
        "ZDESC" : "Local Loopback Adapter",
        "ZIFACE" : "lo",
        "ZSTRING" : "loopback",
        "ZTYPE" : "LOOPBACK"
      },
      "PATRON" : {
        "ZADDITIONAL" : "",
        "ZADDRESS" : "",
        "ZCOLOR" : "#8000ff",
        "ZDESC" : "patron LAN",
        "ZDHCP" : "off",
        "ZIFACE" : "eth2.200",
        "ZNETMASK" : "",
        "ZSTRING" : "PATRON",
        "ZTYPE" : "LAN"
      },
      "WAN" : {
        "ZADDITIONAL" : "",
        "ZADDRESS" : "",
        "ZCOLOR" : "red",
        "ZDESC" : "Primary Internet Connection",
        "ZDHCP" : "off",
        "ZIFACE" : "eth1",
        "ZNETMASK" : "",
        "ZSTRING" : "WAN",
        "ZTYPE" : "WAN"
      }
  }
}
8
News / RazWall Development Update 7-29-2025
« Last post by razwall on July 29, 2025, 11:17:36 AM »
I have consolidated the configs into a single JSON format (razwall-master.json) and a queue file for pending changes (razwall-queue.json). The queue will still allow for changes to be made without applying the settings. This will make backup and restore much easier. It will also make tracking down config errors, manual modifications and third-party additions easier to work with.

The VLAN section is now functional. A VLAN can be created and attached to an interface which is then bridged to the selected physical interface. The new virtual interface can be assigned as a new zone which in turn will have its own rules and DHCP config.

9
News / Re: update 5/16/2025
« Last post by razwall on July 17, 2025, 09:37:57 AM »
I am working to pick all of these pieces apart so they can all be configured separately. Once this is working, I can build a new 'wizard' that will run independently of the main admin scripts rather than having them all mashed together while tracking all of the 'switches' they used. While I am doing this, I figured I might as well rewrite the configs to use a global JSON file format. This way the program is not trying to read 30 or 40 configs on login and track it across sessions using state files. I have pulled the thread on the sweater and it is unraveling.
10
News / Re: update 5/16/2025
« Last post by techdevel2 on July 06, 2025, 10:22:47 AM »
Hi,
I think you are working with the netwizard module of Endian's CGIs. I have used pfSense/OPNsense and their way of interface assignment is very good. I think a redesign is required in the network wizard for dynamic zone incorporation or management.