Firewall problems (bugs?) on RT 2.1

An area specifically for port forwarding, firewalls and other (on-line) security related issues.
gral
Newbie
Posts: 9
Joined: Wed Jan 10, 2007 9:04 am
Location: Krakow, Poland

Post by gral » Sat Jan 20, 2007 9:08 pm

Hi!
First of all: I've been using the RT firmware for about a week without any problems. Thank you for the excellent job!

I have some observations about the firewall in the RT firmware. I'm thinking about "IP filters" from the web interface.

On the first screen I'm able to define rules which can be applied to users (IP addresses) or all users (ANY), but these rules can't be defined for outer IPs.

I've found that the "Blocking outgoing ping" checkbox always works for ALL IP addresses. Applying Block outgoing ping to just one internal IP address is impossible.

It's possible to examine the output of iptables -L -n from the ssh interface and see how options from the web interface are translated into iptables rules.

I've found that "custom IP filters" are unusable - these options simply don't work! You can set these options to whatever you want and nothing changes in the iptables output. So there is no possibility to filter out an outgoing IP from the web interface. Please examine the attached file to verify my rule...

And I have one feature request :) It would be very useful for me to be able to apply an IP filter on a time basis (I want to limit 1 user's web access during the day :)

Have a good time
G
Attachments
fwall2.PNG
Custom IP filters
(57.89 KiB) Downloaded 328 times
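
The check described in the post (comparing iptables -L -n output before and after changing a web-interface option) can be scripted; this is an added example, not part of the original post or of the RT firmware. The snapshots, the address 203.0.113.7 and all function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample snapshots of `iptables -L -n` (not from the original post).
BEFORE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8'

# Snapshot after a hypothetical filter on destination 203.0.113.7 took effect.
AFTER="$BEFORE
DROP       all  --  0.0.0.0/0            203.0.113.7"

# chain_rules SNAPSHOT CHAIN: print only the rule lines of one chain.
chain_rules() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && NF && $1 != "target" { print }'
}

# rule_for_ip SNAPSHOT CHAIN IP: succeed if a rule in CHAIN names IP
# as its source (field 4) or destination (field 5).
rule_for_ip() {
    chain_rules "$1" "$2" | awk -v ip="$3" '
        $4 == ip || $5 == ip { found = 1 }
        END { exit !found }'
}

# ruleset_changed BEFORE AFTER CHAIN: succeed if the chain's rules differ.
ruleset_changed() {
    [ "$(chain_rules "$1" "$3")" != "$(chain_rules "$2" "$3")" ]
}

# verify_applied BEFORE AFTER CHAIN IP: say whether a UI setting reached iptables.
verify_applied() {
    if ! ruleset_changed "$1" "$2" "$3"; then
        echo "unchanged"   # the symptom reported for "custom IP filters"
    elif rule_for_ip "$2" "$3" "$4"; then
        echo "applied"
    else
        echo "changed-but-no-rule-for-ip"
    fi
}

verify_applied "$BEFORE" "$AFTER" FORWARD 203.0.113.7
verify_applied "$BEFORE" "$BEFORE" FORWARD 203.0.113.7
```

On a router, the two snapshots would be captured with iptables -L -n before and after saving the setting in the web interface.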