Feature #16887
closed
Todo #16874: Improve handling of custom interface assignments
Extend ``enableallowallwan`` script to apply to all WAN interfaces
100%
Description
Option 12 in the console menu includes enableallowallwan which creates a rule on wan to allow all traffic which is useful when troubleshooting and during initial firewall setup. The script is less useful when the client device connecting to the firewall is on a different WAN interface. Extend the script so a rule is created above all others on each WAN interface. A single floating rule isn't used instead because reply-to would be lost.
Updated by Jim Pingle 2 days ago
IMO this shouldn't add to all WANs. It's already punching a huge security hole in the firewall as it is. The enableallowallwan script is just a quick shortcut to get you in so you can fix access issues in a better way. The less cleanup after, the better. If it were to change, it could maybe go in as a floating rule to allow into the GUI from any interface, but that's harder for users to notice and fix after.
If someone wants to add it to more interfaces, the easyrule CLI script can easily do so.
Updated by Marcos M about 24 hours ago
- Status changed from Feedback to Rejected
OK. The script can instead create the rule on the first available WAN rather than specifically wan.