Firewalla App Release 1.48


  • Chris Thomas

    The pace of development with this platform is incredible, you guys are doing a fantastic job!

  • Robert

    Pause for Today means until Midnight?

    Kid Lock: wasn't there already an option to secure the app? Was it simply renamed?

    You must try really hard to get the interface to be the same between iOS and Android. I haven't used another app on Android where I have to scroll up and down so much to select the time.

  • Adam Casella

    Directionality of rules is a move away from conntrack? Do Outbound-only rules leverage conntrack? So that return traffic is allowed, but not tcp/udp session setup.

    Moving these to bidirectional, do you still expect to leverage conntrack, but in both directions?

    Moving outbound rules to bi-directional sounds dangerous and could open up unexpected security holes.

    Is there a packet flow diagram through the firewall/iptables? I don't need every detail regarding labels, but a simple 'day in the life of a packet' with the high-level blocks the traffic is moving through.

  • Chris Thomas

    Adam,

    Up until now, it appears that allow rules were always bi-directional. At least we have the option to make them unidirectional now.

    https://help.firewalla.com/hc/en-us/community/posts/4406900595219-WARNING-Allow-rules-to-IP-or-Domain-are-BI-DIRECITONAL-

  • Adam Casella

    Thanks Chris. This makes sense. Unidirectional rules are a good addition.

  • Adam Casella

    Also, if this is done via conntrack, which it may not be, it's not an issue.

    The thread you linked implies it is not stateful and is stateless in both directions.

    We really need an order of operations for how rules are processed and in what order. Or if a priority can be added or if there is implicit allow or deny by default.

    It's not well documented, which may not be needed for most users. But advanced users will want to know this AND can help steer better decisions being made with real life use-cases, as long as they are not one-offs.
