| Summary: | Firewall Groups - The given subnet address is already used by an IPsec network | ||
|---|---|---|---|
| Product: | IPFire | Reporter: | Heino Gutschmidt <heino.gutschmidt> |
| Component: | --- | Assignee: | Assigned to nobody - feel free to grab it and work on it <nobody> |
| Status: | CLOSED DUPLICATE | QA Contact: | |
| Severity: | Major Usability | ||
| Priority: | - Unknown - | CC: | peter.mueller |
| Version: | 2 | ||
| Hardware: | x86_64 | ||
| OS: | All | ||

It is not possible to add a (sub)network to firewall groups that is in use by IPsec or OpenVPN (error: The given subnet address is already used by an IPsec network...). So it is not possible to create group-based firewall rules to filter tunnel traffic (e.g. if the tunnel endpoint's subnet is a /16 private network but structured into /24 networks with different firewall policies). This is caused by `checksubnets($fwhostsettings{'HOSTNAME'},$fullip,"");` (/srv/web/ipfire/cgi-bin/fwhosts.cgi:304).