How do I set up a port range in a Firewall Rule?

So just came over from Zentyal and thought I will give nethserver a go. But running into a few basic issues which are a bit uncomfortable.

Specifying port ranges in a firewall rule is common an basic and I have been unable to get this right. Please do not point me at the other article where the gentleman used the creation of a service to work around the problem, as creating a network service in 6.7 seems to be problematic as well. (see my previous problem) no longer an option to specify private or public access (or I do not know where that can now be specified) which will force the network service.

I am not going to type 50 ports with commas in-between, (and that for many rule entries) so please help me or I will be forced to move back to zentyal and I would really like to try NethServer.

Thanks

The WebUI only supports comma separated lists, as far as I can see.

From the manual (http://docs.nethserver.org/en/latest/firewall.html?highlight=forward#port-forward)

It’s possibile to specify a port range using a colon as separator in the source port field (eX: 1000:2000), in this case the field destination port must be left void

I repeat: the separator char for a range is the colon (:).

Do you think that the dash (-) would be a better option?

In geral for a range… It’s the “-”.
I.e: when you want to print only few pages 1 to 9… You put 1-9.

And it could be good to complete the description in the help button on the webgui

Can you set this thread as solved? Thanks.

Could we file an enhancement issue about the dash separator char?

We could, but then we have to support both syntax or create a migration fragment for existing db entries.
IMHO i would only improve the inline help.

My 2 cents:
For NS 6.7, only improve the help button

For NS 7.1 support the dash separator and made a little tool to update the DB.

2 Likes

The Port Forwarding supports COLON (:slight_smile: the FIREWALL OBJECT SERVICE does NOT. If one wanted to allow 10000-20000 on the firewall they would have to do, 10000,10001,10002, etc.

1 Like