Recent Posts

Pages: 1 ... 3 4 [5] 6 7
41
News / Re: Firewall update
« Last post by razwall on January 13, 2025, 08:54:09 AM »
I started building a custom ISO this weekend. I will release it for testing as soon as I am able to rebuild without error. This will NOT be a functional build, but rather a "developer preview". Once released, this will serve as a development platform and (hopefully) be used to make pull requests for testing.
42
News / Re: Github
« Last post by techdevel2 on January 11, 2025, 12:46:39 PM »
good work.
thanks
43
News / Re: Firewall update
« Last post by techdevel2 on January 11, 2025, 12:41:31 PM »
Hi,
Nice progress btw. Very soon we will see an iso/img for testing your work for the open source community.
44
News / Firewall update
« Last post by razwall on January 10, 2025, 11:28:42 AM »
I have completed the SNAT and DNAT rewrite in Perl. I will continue to work on converting the other firewall components. I am also working on building an automated ISO so users can begin testing and participating in development. I am probably a month or so out from having an auto-install ready.
45
Dev Stuff / Endian Menu Items
« Last post by razwall on January 08, 2025, 02:10:25 PM »
Logout - https://192.168.0.1:10443/cgi-bin/logout.cgi
* Help - https://192.168.0.1:10443/manage/opentsa/

* System - https://10.40.0.1:10443/manage/dashboard

* Dashboard - https://10.40.0.1:10443/manage/dashboard
Network configuration - https://10.40.0.1:10443/cgi-bin/netwizard.cgi
* Event notifications - https://10.40.0.1:10443/manage/notifications
Updates - https://10.40.0.1:10443/cgi-bin/efw-register.cgi
Passwords - https://10.40.0.1:10443/cgi-bin/changepw.cgi
* Web Console - https://10.40.0.1:10443/manage/webshell
* SSH access - https://10.40.0.1:10443/manage/openssh
GUI settings - https://10.40.0.1:10443/cgi-bin/gui.cgi
Backup - https://10.40.0.1:10443/cgi-bin/backup.cgi
Shutdown - https://10.40.0.1:10443/cgi-bin/shutdown.cgi


Status - https://10.40.0.1:10443/cgi-bin/status.cgi

System status - https://10.40.0.1:10443/cgi-bin/status.cgi
Network status - https://10.40.0.1:10443/cgi-bin/netstatus.cgi
System graphs - https://10.40.0.1:10443/cgi-bin/graphs.cgi
Traffic Graphs - https://10.40.0.1:10443/cgi-bin/graphs.cgi?graph=network
Proxy graphs - https://10.40.0.1:10443/cgi-bin/graphs.cgi?graph=proxy
Connections - https://10.40.0.1:10443/cgi-bin/connections.cgi
* VPN connections - https://10.40.0.1:10443/manage/vpnauthentication/connection
SMTP mail statistics - https://10.40.0.1:10443/cgi-bin/mailgraph.cgi
Mail queue - https://10.40.0.1:10443/cgi-bin/mailqueue.cgi
 
* Network - https://10.40.0.1:10443/manage/dnsmasq/hosts
   
*  Edit hosts - https://10.40.0.1:10443/manage/dnsmasq/hosts
Routing - https://10.40.0.1:10443/cgi-bin/routing.cgi

Static Routing - https://10.40.0.1:10443/cgi-bin/routing.cgi
Policy Routing - https://10.40.0.1:10443/cgi-bin/policy_routing.cgi

Interfaces - https://10.40.0.1:10443/cgi-bin/uplinkeditor.cgi

* Services - https://10.40.0.1:10443/manage/dhcp/settings
   
* DHCP Server - https://10.40.0.1:10443/manage/dhcp/settings

* Server configuration - https://10.40.0.1:10443/manage/dhcp/settings
* Fixed leases - https://10.40.0.1:10443/manage/dhcp/fixed_leases
* Dynamic leases - https://10.40.0.1:10443/manage/dhcp/leases

Dynamic DNS - https://10.40.0.1:10443/cgi-bin/ddns.cgi
Antivirus Engine - https://10.40.0.1:10443/cgi-bin/clamav.cgi
Time server - https://10.40.0.1:10443/cgi-bin/clamav.cgi
* Intrusion Prevention - https://10.40.0.1:10443/cgi-bin/time.cgi

* Intrusion Prevention System - https://10.40.0.1:10443/manage/ips
* Rules - https://10.40.0.1:10443/manage/ips/rules
* Editor - https://10.40.0.1:10443/manage/ips/editor

* Traffic Monitoring - https://10.40.0.1:10443/manage/ntop

* administration interface - https://10.40.0.1:10443/manage/ntopproxy

SNMP Server - https://10.40.0.1:10443/cgi-bin/snmp.cgi
* Quality of Service - https://10.40.0.1:10443/manage/qos/devices

* Devices - https://10.40.0.1:10443/manage/qos/devices
* Classes - https://10.40.0.1:10443/manage/qos/classes
* Rules - https://10.40.0.1:10443/manage/qos/rules

Firewall - https://10.40.0.1:10443/cgi-bin/dnat.cgi

Port forwarding / NAT - https://10.40.0.1:10443/cgi-bin/dnat.cgi

Port forwarding / Destination NAT - https://10.40.0.1:10443/cgi-bin/dnat.cgi
Source NAT - https://10.40.0.1:10443/cgi-bin/snat.cgi
Incoming routed traffic - https://10.40.0.1:10443/cgi-bin/incoming.cgi

Outgoing traffic - https://10.40.0.1:10443/cgi-bin/outgoingfw.cgi
Inter-Zone traffic - https://10.40.0.1:10443/cgi-bin/zonefw.cgi
VPN traffic - https://10.40.0.1:10443/cgi-bin/vpnfw.cgi
System access - https://10.40.0.1:10443/cgi-bin/xtaccess.cgi
* Firewall Diagrams - https://10.40.0.1:10443/manage/firewall/diagram
   
Proxy - https://10.40.0.1:10443/cgi-bin/proxyconfig.cgi

HTTP - https://10.40.0.1:10443/cgi-bin/proxyconfig.cgi

Configuration - https://10.40.0.1:10443/cgi-bin/proxyconfig.cgi
Access Policy - https://10.40.0.1:10443/cgi-bin/proxypolicy.cgi
Authentication - https://10.40.0.1:10443/cgi-bin/proxyauth.cgi
* Web Filter - https://10.40.0.1:10443/manage/urlfilter
* AD join - https://10.40.0.1:10443/manage/proxy/adjoin
* HTTPS Proxy - https://10.40.0.1:10443/manage/proxy/https

POP3 - https://10.40.0.1:10443/cgi-bin/p3scan.cgi
FTP - https://10.40.0.1:10443/cgi-bin/frox.cgi
SMTP - https://10.40.0.1:10443/cgi-bin/smtpconfig.cgi
* DNS - https://10.40.0.1:10443/manage/dnsmasq/dnsproxy

* VPN - https://10.40.0.1:10443/manage/openvpn

* OpenVPN server - https://192.168.0.1:10443/manage/openvpn
OpenVPN client (Gw2Gw) - https://192.168.0.1:10443/cgi-bin/openvpnclient.cgi
* IPsec - https://192.168.0.1:10443/manage/ipsec
* Authentication - https://192.168.0.1:10443/manage/vpnauthentication/user
* Certificates - https://192.168.0.1:10443/manage/ca/certificate

* Certificates - https://192.168.0.1:10443/manage/ca/certificate
* Certificate Authority - https://192.168.0.1:10443/manage/ca/certificate_authority
* Revoked Certificates - https://192.168.0.1:10443/manage/ca/revoked_certificate
* Certificate Revocation List - https://192.168.0.1:10443/manage/ca/crl

Logs and Reports - https://10.40.0.1:10443/cgi-bin/logs_live_list.cgi

Live Logs - https://192.168.0.1:10443/cgi-bin/logs_live_list.cgi
Summary - https://192.168.0.1:10443/cgi-bin/logs_summary.cgi
System - https://192.168.0.1:10443/cgi-bin/logs_log.cgi
Service - https://192.168.0.1:10443/cgi-bin/logs_ids.cgi

IDS - https://192.168.0.1:10443/cgi-bin/logs_ids.cgi
OpenVPN - https://192.168.0.1:10443/cgi-bin/logs_openvpn.cgi
ClamAV - https://192.168.0.1:10443/cgi-bin/logs_clamav.cgi

Firewall - https://192.168.0.1:10443/cgi-bin/logs_firewall.cgi
Proxy - https://192.168.0.1:10443/cgi-bin/logs_proxy.cgi

HTTP - https://192.168.0.1:10443/cgi-bin/logs_proxy.cgi
HTTP report - https://192.168.0.1:10443/cgi-bin/sarg.cgi
SMTP - https://192.168.0.1:10443/cgi-bin/logs_smtp.cgi

Settings - https://192.168.0.1:10443/cgi-bin/logs_config.cgi
* Trusted Timestamping - https://192.168.0.1:10443/manage/opentsa

46
Dev Stuff / Test Rules
« Last post by razwall on January 08, 2025, 02:08:30 PM »
/razwall/config/dnat/config
on,tcp,,any,x.x.x.51:UPLINK:main,,8080,192.168.0.14,8080,DNAT,internal www server,,ACCEPT
on,tcp,,any,x.x.x.51:UPLINK:main,,443,192.168.0.14,443,DNAT,inernal www SSL server,,ACCEPT
on,tcp&udp,,any,x.x.x.54:UPLINK:main,,80&443,192.168.0.46,,DNAT,Mobile Print Server,,ALLOW
on,,,any,x.x.x.53:UPLINK:main,,,192.168.14.2,,DNAT,CCREADER on x.x.x.53,,ALLOW

/razwall/config/incomming/config
on,,,103.79.141.172&172.206.138.254&163.172.204.79&103.77.192.219&104.140.114.110&185.224.128.83&104.250.191.110&114.141.53.82&108.61.246.56&149.28.14.163&194.233.83.109&157.230.221.198&167.99.168.251&185.250.151.72&192.81.208.169&203.160.69.66&211.56.98.146&5.254.43.18&80.92.205.81&79.124.62.182&209.141.60.60&176.58.124.134&194.26.29.11&87.251.75.145&144.172.73.40&192.35.168.128&37.64.150.50&222.186.136.150&193.27.228.27&80.82.65.213&185.132.53.161&185.202.2.68&45.148.10.202&84.54.51.37&152.32.173.15&80.82.77.202&91.92.247.159&184.105.247.252&78.153.140.179&118.193.73.8&115.231.78.3&106.75.166.204&184.105.139.70&91.243.50.206&158.46.145.178&91.92.241.222&194.165.1.22&101.36.97.187&27.222.11.186,,,,DROP,BLOCK'EM,on

/razwall/config/outgoing/config
on,,,198.54.115.49&thluongphu.online,,DROP,,PHISING SITES,,,,
on,,,,,ALLOW,,Allow all PHONE outbound,,lan2,,
on,,,,,ALLOW,,allow lan all TEST,,PHYSDEV:eth0.1,,
on,udp,,,1194,ALLOW,,OUTBOUND OPENVPN,,PHYSDEV:eth0.1,,
on,tcp&udp,,,119&123&13,ACCEPT,,Allow NTP,,,,
on,tcp&udp,,,49152:65535,ALLOW,,ROBLOX PORTS,,,,
on,tcp&udp,,8.8.8.8&8.8.4.4&208.67.222.222&208.67.220.220&185.228.168.168&185.228.169.168&185.228.168.10&185.228.169.11&185.228.168.9&185.228.169.9&x.x.x.130,53,ACCEPT,,allow DNS,,,,
on,tcp,,,80,ALLOW,,allow HTTP,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp,,,443,ALLOW,,allow HTTPS,,lan&lan2&dmz,,
on,tcp,,,21,ALLOW,,allow FTP,,PHYSDEV:eth0.1,,
on,tcp,192.168.0.23&192.168.0.38&192.168.0.60&192.168.1.103&192.168.1.102&192.168.0.114&192.168.0.81&192.168.0.9,,25,ALLOW,,allow SMTP,on,,,
on,tcp,,,110,ALLOW,,allow POP,off,lan,,
on,tcp,,,143,ALLOW,,allow IMAP,,PHYSDEV:eth0.1,,
on,tcp,,,995,ALLOW,,allow POP3s,,PHYSDEV:eth0.1,,
on,tcp,,,993,ALLOW,,allow IMAPs,,PHYSDEV:eth0.1,,
on,icmp,,,8&30,ALLOW,,allow PING,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp&udp,,,6333&5363&6048,ACCEPT,,ALEPH/POLARIS,,,,
on,tcp&udp,,,22&2220,ACCEPT,,web ssh,,,,
on,tcp&udp,,,4433,ACCEPT,,Connie SSL VPN to City,,PHYSDEV:eth0.1,,
on,,,24.111.245.154,,ALLOW,,Supervene All Access,,,,
on,tcp&udp,,,2050:2150,ALLOW,,ODIN Proxy,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp&udp,,,993&465&587,ALLOW,,GMAIL imap ssl,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp,,,843&2221&2222&2227&13207&13217&13227&13237&13247&13257,ALLOW,,ALLOW VUDU STREAMING,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp&udp,,,25&993&587&143&110&995,ALLOW,,Allow Mail Application Ports,,dmz,,
on,tcp&udp,,,1935,ACCEPT,,ADOBE CONNECT,,,,
on,udp,,,1024:65534,DROP,,block torrent ports,on,,,
on,,,192.42.116.41,,DROP,,BLOCK BOTNET OUTBOUND,on,,,
on,,,24.111.245.154,,ACCEPT,,allow all to bryan ip,,,,
on,tcp&udp,,,500&4500&1701&1723,ALLOW,,Guest VPN Out,,dmz,,
on,tcp&udp,,,4435&6667&123&,ALLOW,,PBX SWITCH - NEBULA,on,PHYSDEV:eth0.1,,
on,,,,,ALLOW,,Allow CC outbound for all,,PHYSDEV:eth0.700,,

/razwall/config/routing/config
on,,,UPLINK:main,Failover for LAN to WAN,,,,,,lan2&dmz&PHYSDEV:eth0.1&PHYSDEV:eth0.600&PHYSDEV:eth0.700,on
off,,192.168.0.8&192.168.0.26,192.168.1.1,allow dhcp vlan to lan,,udp,67&68,,,dmz,

/razwall/config/snat/config
on,,192.168.0.14,,,UPLINK:main,SNAT,web.domain.local out .51,,x.x.x.51
on,,192.168.14.0/24,,,UPLINK:main,SNAT,vlan 700 to x.x.x.53 external IP,,x.x.x.53

/razwall/config/vpnfw/config
on,,,,,ALLOW,,,,VPN:gfptohome,lan&dmz

/razwall/config/xtaccess/config
tcp,192.168.0.0/24,22&80&10443,off,,x.x.x.50:UPLINK:main,,INPUTFW,ACCEPT,,
tcp,,22,on,,PHYSDEV:eth0.1,,INPUTFW,ALLOW,,

/razwall/config/zonefw/config
on,,,,,DROP,,BLOCK VLAN1 to VLAN700,,PHYSDEV:eth0.1,PHYSDEV:eth0.700
on,,,,,DROP,,BLOCK VLAN700 to VLAN1,,PHYSDEV:eth0.700,PHYSDEV:eth0.1
on,,,,,ACCEPT,,ALLOW VLAN1 lan to VLAN1 lan,,PHYSDEV:eth0.1,PHYSDEV:eth0.1
on,,,,,ACCEPT,,LAN to PHONES,,PHYSDEV:eth0.1,lan2
on,,,,,ACCEPT,,,,lan&PHYSDEV:eth0.1,dmz&PHYSDEV:eth1.200
on,,,,,ACCEPT,,,,lan2,lan2
on,,,,,ACCEPT,,,,dmz,dmz
on,tcp&udp,,192.168.0.34,7725,ACCEPT,,DEEP FREEZE,,dmz,
on,tcp&udp,,192.168.0.2&192.168.0.3&,53,ALLOW,,INTERNAL DNS LOOKUPS,,dmz,
on,tcp,,192.168.0.14,80,ALLOW,,,,dmz,
on,tcp&udp,,192.168.0.33,1688,ACCEPT,,Allow KMS Activation,,dmz,
on,tcp,192.168.1.102&192.168.1.103,192.168.0.19,25,ALLOW,,allow checks to send mail from LAN,,,
on,tcp,,192.168.0.82,80,ALLOW,,CaptivePortalTest,,dmz,
47
Dev Stuff / uplink status JSON response
« Last post by razwall on January 08, 2025, 02:04:37 PM »
{
  "cacheHitAt": 1731600455.4530821,
  "cachedOn": 1731600454.6696789,
  "time": 1731600454.66975,
  "uplinks": [
    {
      "status": "ACTIVE",
      "defaultGatewayTimestamp": 1731349117.8499999,
      "managed": "on",
      "shouldBeUp": true,
      "canStart": true,
      "isLinkAlive": true,
      "data": {
        "name": "'Main uplink'",
        "ip": "x.x.x.x",
        "last_retry": "",
        "interface": "eth3",
        "type": "STATIC",
        "gateway": "x.x.x.x"
      },
      "defaultGateway": true,
      "uptime": "2d 21h 50m 14s",
      "name": "main",
      "isLinkActive": true,
      "enabled": "on",
      "autostart": "on",
      "hasChanged": true
    },
    {
      "status": "ACTIVE",
      "defaultGatewayTimestamp": -1,
      "managed": "on",
      "shouldBeUp": true,
      "canStart": true,
      "isLinkAlive": true,
      "data": {
        "name": "'WAN2'",
        "ip": "x.x.x.x",
        "last_retry": "",
        "interface": "eth2",
        "type": "DHCP",
        "gateway": "x.x.x.x"
      },
      "defaultGateway": false,
      "uptime": "2d 21h 49m 37s",
      "name": "uplink1",
      "isLinkActive": true,
      "enabled": "on",
      "autostart": "on",
      "hasChanged": true
    }
  ],
  "cached": true
}

{
  "cacheHitAt":1735250063,
  "cached":true,
  "time":1735250063,
  "cachedOn":1735250063,
  "uplinks": [
    {
      "managed":"on",
      "defaultGatewayTimestamp":"1731349077",
      "isLinkAlive":true,
      "enabled":"on",
      "name":"uplink1",
      "shouldBeUp":true,
      "uptime":"9d 3h 30m 48s",
      "data": {
        "last_retry":"",
        "ip":"x.x.x.x",
        "name":"'WAN2'",
        "type":"DHCP",
        "gateway":"x.x.x.x",
        "interface":"eth2"
      },
      "isLinkActive":true,
      "autostart":"on",
      "defaultGateway":false,
      "status":"ACTIVE",
      "hasChanged":true,
      "canStart":true
    },
    {
      "autostart":"on",
      "defaultGateway":true,
      "isLinkActive":true,
      "status":"ACTIVE",
      "hasChanged":true,
      "canStart":true,
      "managed":"on",
      "defaultGatewayTimestamp":"1731349040",
      "isLinkAlive":true,
      "enabled":"on",
      "name":"main",
      "shouldBeUp":true,
      "uptime":"9d 3h 30m 48s",
      "data": {
        "type":"STATIC",
        "gateway":"x.x.x.x",
        "ip":"x.x.x.x",
        "name":"'Main uplink'",
        "last_retry":"",
        "interface":"eth3"
      }
    }
  ]
}
48
Dev Stuff / Endian ip chains
« Last post by razwall on January 08, 2025, 02:02:43 PM »
Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy ACCEPT)
Chain ALLOW (109 references)
Chain ALLOW_HOOKS (1 references)
Chain BADTCP (2 references)
Chain BADTCP_LOGDROP (11 references)
Chain CUSTOMFORWARD (1 references)
Chain CUSTOMINPUT (1 references)
Chain CUSTOMOUTPUT (1 references)
Chain HAFORWARD (1 references)
Chain HANDLE_ESTABLISHED (2 references)
Chain ICMP_LOGDROP (2 references)
Chain INCOMINGFW (1 references)
Chain INPUTFW (13 references)
Chain INPUTFW_LOGDROP (12 references)
Chain INPUTTRAFFIC (1 references)
Chain LOG_FORWARD (1 references)
Chain LOG_INPUT (1 references)
Chain NEWNOTSYN (0 references)
Chain NEWNOTSYN_LOGDROP (2 references)
Chain OPENVPNCLIENTDHCP (1 references)
Chain OPENVPNDHCP (1 references)
Chain OUTGOINGFW (1 references)
Chain PORTFWACCESS (1 references)
Chain PROXYIN (1 references)
Chain PROXYOUT (1 references)
Chain PROXYOUTGOINGFW (62 references)
Chain QUEUEFW (1 references)
Chain REDINPUT (1 references)
Chain VPNFW (19 references)
Chain VPNFWBRIDGE (1 references)
Chain VPNFWDST (0 references)
Chain VPNFW_LOGDROP (19 references)
Chain VPNTRAFFIC (1 references)
Chain VPN_AS (1 references)
Chain ZONEFW (9 references)
Chain ZONEFW_LOGDROP (9 references)
Chain ZONETRAFFIC (1 references)
49
Dev Stuff / Re: Canned Perl based Dashboard JSON XHR Request Data Responses
« Last post by razwall on December 30, 2024, 04:03:10 PM »
New dashboard:
[code]
#!/usr/bin/perl

#
#        +-----------------------------------------------------------------------------+
#        | RazWall Firewall                                                            |
#        +-----------------------------------------------------------------------------+
#        | Copyright (c) 2024 RazWall                                                  |
#        |                                                                            |
#        | This program is free software; you can redistribute it and/or              |
#        | modify it under the terms of the GNU General Public License                |
#        | as published by the Free Software Foundation; either version 2              |
#        | of the License, or (at your option) any later version.                      |
#        |                                                                            |
#        | This program is distributed in the hope that it will be useful,            |
#        | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
#        | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              |
#        | GNU General Public License for more details.                                |
#        |                                                                            |
#        | You should have received a copy of the GNU General Public License          |
#        | along with this program; if not, write to the Free Software                |
#        | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
#        | http://www.fsf.org/                                                        |
#        +-----------------------------------------------------------------------------+
#

use lib '/razwall/web/cgi-bin/';
require 'header.pl';

$thisPath = $ENV{'REQUEST_URI'};
$thisAddress = $ENV{'SERVER_NAME'};

getcgihash(\%par);
%template = ();

undef $pagename;
undef $nomenu;
undef $nostatus;

readhash($productfile, \%producthash);
readhash($wizardfile, \%wizardhash);

# build system paths
$cgi_path = $1 if (($ENV{'SCRIPT_FILENAME'}||$0) =~ m/^(.*)(\\|\/)(.+?)$/);
$templates = $cgi_path . '/templates.pl';

# Check that templates file can be loaded..
&loadTemplates;

showhttpheaders();

openpage('Dashboard');

&getTemplate('dashboard');
&doSub('TITLE', 'RazWall Dashboard');
&printTemplate;

&closepage();

1;
[/code]
50
News / Re: Github
« Last post by razwall on December 30, 2024, 02:46:41 PM »
Pushed a bunch more code changes today.
I have almost everything working on Slackware 15 without Python and without EMI