Bonjour and bridged openvpn.



  • I know I made a post about this recently, but I have the firewalling statements Ineed to get it working, but I don't know the "right" way to get this to happen on pfsense:

    pass in quick on if1 dup-to if2 inet proto udp from any to 224.0.0.251 port = 5353
    pass in quick on if2 dup-to if1 inet proto udp from any to 224.0.0.251 port = 5353

    Taken from this site:

    http://www.section6.net/wiki/index.php/Setting_up_a_Secure_Bridged_(Wireless)_Network_with_OpenVPN

    Is there any way to create these statements in the UI?  If not, it brings up a question if there shouldn't be a "custom rules" area that you can create rules not easily creatable via the UI.



  • Not in 1.0.

    Dup-to is a feature in head.



  • Ah, thanks.  I got to thinking (I know, patches accepted.  I finally got pfSense work into our devs' production schedule), it might not be the worst idea until the Firewall Rules page to have an "Add Custom Rule" where rules that don't fall into the way the UI writes them can be manually added, and have it to where variables are still parsed (ie, I can put $OPT1, and XMLRPC sync will work as $OPT is a parseable variable).

    Still have a line and a description, and allow the user to re-order it amongst the rest of the rules.  If that can be done from a skinning interface, then I'll have my devs do it.  I'm having them write a custom pfSense skin where AJAX-style drag and drop is more useable.  I'm going to have them use the pfSense deveopment distro, so if this is already in the versioning system, they can work off of that, otherwise I'll have them start fresh.  The firewall rules page was my first target anyway, and if adding this can be done from a skin, I'll have them put it in with it, otherwise I'll have it as a seperate task.



  • Sounds great.  You can post patches to the development area here.  diff -rub format is ideal.  Oh, and patches should be against -HEAD



  • Thanks.  Just for clarification, drag and drop type things can go into a skin I'm pretty sure (I hope?).

    Something such as an advanced rule entry however would probably have to go into the main ui codebase.  Does that sound right?



  • @Numbski:

    Thanks.  Just for clarification, drag and drop type things can go into a skin I'm pretty sure (I hope?).

    Yep, we already have prototype and script.aculo.us included.

    @Numbski:

    Something such as an advanced rule entry however would probably have to go into the main ui codebase.  Does that sound right?

    I am not really sure about that one.  It would require a lot of new xml atributes in config.xml.



  • Having not really poked and prodded around in config.xml any more than absolutely required, I don't know what to say to that. :D

    Is the config.xml structure documented at all, or is it a dig through and pray operation? ;)

    The more I think about it though, it should probably be in the main ui code, presuming you guys are okay with merging it in.  I'll try to look over the rules structure in config.xml and see if a simple solution presents itself.

    The scriptaculous prototype…is it already in -head?  If not, is there a diff available?  Seems silly to re-tread what you guys have already done, I want our contributions to be worthwhile.



  • HEAD has everything that RELENG_1 has plus more.


Locked