SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002809: smtp proxy needs configuration possibility to decide which subnets are local - MantisBT
MantisBT - Endian Firewall
View Issue Details
0002809Endian FirewallProxy SMTPpublic2010-03-31 18:022010-09-24 09:03
peter-endian 
 
normalfeatureN/A
confirmedopen 
2.3 
future 
0002809: smtp proxy needs configuration possibility to decide which subnets are local
smtp proxy right now calculates which subnets are local by including also routing configuration from openvpn and routing.

this is not always what one wants, since routed destination networks may also be non-local, if it is 0.0.0.0/0 for example, or something big and external, which may sometimes be used with source routing


So we need something non that intelligent, i.e. only those subnets are considered local which the user configures

or add only obvious local subnets, don't add openvpn and routed networks, but add the possibility to do add them manually and add a checkbox "add all routed subnets"
No tags attached.
related to 0002808closed peter-endian routing editor should handle 0.0.0.0/0 as a special case in order that it is not considered local subnet 
Issue History
2010-03-31 18:02peter-endianNew Issue
2010-03-31 18:02peter-endianIssue generated from: 0002808
2010-03-31 18:02peter-endianRelationship addedrelated to 0002808
2010-04-01 07:52luca-endianNote Added: 0004105
2010-04-01 07:54luca-endianNote Edited: 0004105
2010-04-01 07:57luca-endianNote Added: 0004106
2010-04-01 08:02luca-endianNote Edited: 0004106
2010-09-24 09:03peter-endianStatusnew => confirmed

Notes
(0004105)
luca-endian   
2010-04-01 07:52   
(edited on: 2010-04-01 07:54)
I strongly agree
the best would be two text fields:
1) one with classical networks (green orange blue..) highlighted by default plus suggested networks (taken from vpns and routes) but not selected by default, the user with ctrl can enable them
2) the second could be an empty text field where the user add (one per line) other networks/ip to be considered as local network (this is often requested)

What do you think?

(0004106)
luca-endian   
2010-04-01 07:57   
(edited on: 2010-04-01 08:02)
obviously 0.0.0.0/0 should always be filtered from suggested networks!!!

Maybe there should be a warning near the second text field that a misconfiguration can set the firewall as open relay!