Package & firewall options



  • Hello

    Some packages require the use of control filter firewall (squid & etc..).
    Possible add new stndard tag <filter_custom_rules>to the package XML file, and inplace modification in filter.inc for packages?
    This avoids the modification filter.inc in filter-depends packages.
    ps Of couse critical(system) packages must have first priority before other.
    pps sorry my english.</filter_custom_rules>



  • Actually NO they should not have any priority.
    I have made sure that if you redirect packets to localhost they will be sent to but the Firewall->Rules must override default rules of packages for  various reasons.

    I think for your original request there is a hook somewhere that searches /usr/local/pkg for inc files and for functions with $packagename_filter_rules or some such. Check the squid function name…



  • @ermal:

    Actually NO they should not have any priority.
    I think for your original request there is a hook somewhere that searches /usr/local/pkg for inc files and for functions with $packagename_filter_rules or some such. Check the squid function name…

    I want to explain what I mean
    This hooks exists for squid, clamav, (and some other) Pkg

    if (is_package_installed('squid') && file_exists('/usr/local/pkg/squid.inc')) {
    require_once('squid.inc');
    $natrules .= squid_generate_rules('nat');
    }

    if (is_package_installed('clamav') && file_exists('/usr/local/pkg/clamav.inc')) {
    require_once('clamav.inc');
    $natrules .= clamav_generate_rules('nat');
    }

    May be possible check all pacсckages ?

    for ($installed_packages as $pkg) {
    if (is_package_installed($pkg['package-name']) && file_exists($pkg['package-incfile'])) {
    .. exec pkg _generate_rules('nat'); for package
    }
    }

    Sorry. Perhaps I did not understand your answer completely


Log in to reply