Bug 11429 - Firewall Groups - The given subnet address is already used by an IPsec network
Summary: Firewall Groups - The given subnet address is already used by an IPsec network
Status: CLOSED DUPLICATE of bug 11131
Alias: None
Product: IPFire
Classification: Unclassified
Component: --- (show other bugs)
Version: 2
Hardware: x86_64 All
: - Unknown - Major Usability
Assignee: Assigned to nobody - feel free to grab it and work on it
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-27 14:55 UTC by Heino Gutschmidt
Modified: 2017-11-08 18:08 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Heino Gutschmidt 2017-07-27 14:55:11 UTC 
It is not passible to add a (sub)network to firewall groups that is in use by IPsec or OpenVPN (error: The given subnet address is already used by an IPsec network...). So it is not possible to create group-based firewall rules to filter tunnel traffic (e.g. if the tunnel endpoint's subnet is a /16 private network but structered into /24 networks with different firewall policies). This is caused by checksubnets($fwhostsettings{'HOSTNAME'},$fullip,""); (/srv/web/ipfire/cgi-bin/fwhosts.cgi:304).
Comment 1 Peter Müller 2017-11-08 18:08:14 UTC 

*** This bug has been marked as a duplicate of bug 11131 ***