Todo #8332

closed

pfBlockerNG doesn't include L2TP interface in outbound floating rules

Added by Stuart Wyatt almost 7 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Category: pfBlockerNG
Target version: -
Start date: 02/15/2018
Due date:
% Done: 100%
Estimated time:
Plus Target Version:

Description

pfBlockerNG needs an option on the General tab for "L2TP Interface" similar to the "OpenVPN Interface" and "IPSec Interface" options.

Without the option the auto outbound floating rules do not have the L2TP VPN interface selected.

Actions #1

Updated by Jim Pingle almost 7 years ago

  • Target version deleted (2.4.3)

Actions #2

Updated by BBcan177 . over 6 years ago

I am not sure this needs an option? Aren't the interfaces available?

Actions #3

Updated by Stuart Wyatt over 6 years ago

I'm not sure what you mean by "interfaces available". The problem is that there are no options for the L2TP interface similar to the two check box options below:

OpenVPN Interface:
Select to add auto-rules for OpenVPN. This is only required when the OpenVPN Interface is not listed above.
OpenVPN Server (Outbound auto-rules only), OpenVPN Client (Both In/Outbound auto-rules)
These will be added to 'Floating Rules' or OpenVPN rules tab.

IPSec Interface:
Select to add 'Outbound' auto-rules for IPSec. These will be added to 'Floating Rules' or IPSec rules tab.

Actions #4

Updated by Viktor Gurov over 4 years ago

Mpd5 will create new L2TP interfaces for each client:
l2tp0, l2tp1, l2tp2, etc.

The only way to apply firewall rules on L2TP clients is to use floating rules.

See https://redmine.pfsense.org/issues/4727

Actions #5

Updated by Stuart Wyatt over 4 years ago

Something still needs to be fixed.

Either the rule needs to be applied to any/all L2TP interfaces created, or the option to select "L2TP VPN" interface in Rules/Floating/Edit Firewall Rule/Interface shouldn't be there if it won't work.

The former would be the ideal solution, but if it can't be done the UI should not imply that it can be done.

Actions #6

Updated by Jim Pingle over 4 years ago

Rules shouldn't be needed for each individual L2TP interface. There is an interface group called "l2tp" which handles rules for all interfaces involved in L2TP internally. See my reply on #4727.

Actions #8

Updated by Jim Pingle about 4 years ago

  • Status changed from New to Pull Request Review

Actions #9

Updated by Renato Botelho about 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #10

Updated by Danilo Zrenjanin about 4 years ago

Tested on:

2.5.0-DEVELOPMENT (amd64)
built on Tue Oct 06 12:54:27 EDT 2020
FreeBSD 12.2-STABLE

Once I set up an L2TP server, the L2TP interface appeared in the list under the pfBlockerNG IP and DNSBL tabs. Rules were added on the L2TP interface after I selected it from the list.

The ticket can be resolved.

Actions #11

Updated by Jim Pingle about 4 years ago

  • Status changed from Feedback to Resolved