Bug 12653

Summary: forcing DNS traffic to use the local resolver - firewall.cgi WebGUI error
Product: IPFire Reporter: Jon <jon.murphy>
Component: ---Assignee: Stefan Schantl <stefan.schantl>
Status: CLOSED FIXED QA Contact:
Severity: - Unknown -    
Priority: - Unknown - CC: michael.tremer, peter.mueller
Version: 2   
Hardware: x86_64   
OS: Unspecified   
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=11168
https://bugzilla.ipfire.org/show_bug.cgi?id=12654
https://bugzilla.ipfire.org/show_bug.cgi?id=12278
Attachments: Original settings

Description Jon 2021-07-05 19:34:33 UTC 
Created attachment 919 [details]
Original settings

issue happened during test of "testing forcing DNS traffic to use the local resolver":

https://lists.ipfire.org/pipermail/development/2021-June/010692.html

https://patchwork.ipfire.org/project/ipfire/patch/20210630184031.7726-1-stefan.schantl@ipfire.org/

---


when editing a firewall rule the Destination Firewall changes from ALL to GREEN automagically.

Original settings:
Source -> Standard networks: GREEN
NAT -> NAT Destination & Firewall Interface: -Automatic-
Destination -> Firewall All
Protocol -> Preset -> Service Groups -> DNS(both)

If edited then:
Destination auto changes to GREEN.

This is very repeatable.

This was testing on CU 157 stable and 158 testing.

see:
https://lists.ipfire.org/pipermail/development/2021-July/010699.html
Comment 1 Michael Tremer 2021-09-30 14:18:00 UTC 
Stefan wrote documentation:

> https://wiki.ipfire.org/configuration/firewall/rules/redirect-services

Is anybody up for double-checking this?
Comment 2 Jon 2021-10-01 21:48:34 UTC 
Concerning the bug:  
All seems to work as expected with the update in CU 160 (Testing).  No more automatic changes from Firewall: All to Green.  Yay!

Concerning the Wiki:
I followed the steps and it all configured A-OK.  That is what I used to test the above using a DNS redirect Firewall Rule.
Comment 3 Michael Tremer 2021-10-04 09:26:11 UTC 
Thank you to everyone who worked on this :)
Comment 4 Peter Müller 2021-10-05 11:12:47 UTC 
Closing this as FIXED then, since Core Update 160 was released today. Please reopen, if necessary. Also thanks from my side. :-)

https://blog.ipfire.org/post/ipfire-2-27-core-update-160-released