[Freedombox-discuss] Firewall for FreedomBox

Petter Reinholdtsen
Tue Apr 22 10:31:48 UTC 2014

[Sunil Mohan]
> Hello,
>
> I have submitted patches[1] to Plinth so as to manage the firewall for
> FreedomBox. Firewall shall operate automatically by enabling traffic
> for services that are enabled and disabling traffic when the last of
> the services using a port is disabled.

I am very glad to see some work on a firewall solution for the
FreedomBox. :) It is an area where I have little skill myself.

> In the patches I propose to use FirewallD[2] as the tool that manages
> iptables. It could be swapped out in my implementation with other such
> tools with some effort. However, FirewallD seems to me the best fit
> for our purpose.

I have no opinion here. :) It seems fine to me, but I do not know the
alternatives. :)

I notice it uses dbus and provides a GUI tool as well.  Not sure if that
is an advantage or a problem for us, but it might make me use it on my
own laptop. :) So far avahi and firewalld are the tools using dbus on
the FreedomBox. :) I suspect we will use it more. :)

> Your comments are welcome.

You also sent a patch for freedombox-setup, and I believe most of those
changes should go into plinth instead.  I've merged the parts I think
should go into freedombox-setup (installing firewalld, making sure
init.d/first-run executes after it is started).

If I got it right, enabling firewalld will block everything by default,
making me suspect that we need to get the rules to enable active
services in place before we upload the new freedombox-setup package to
unstable.  Am I right?

Btw, did you look at the init.d/proxy script in freedombox-setup?  It
sets up a bunch of iptables rules, and those should perhaps be ported to
firewalld rules?  Perhaps even moved from freedombox-setup to plinth?

Happy hacking
Petter Reinholdtsen
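
The port bookkeeping described in the quoted proposal (open a port when the first service needing it is enabled, close it when the last service using it is disabled), as an added example that is not part of this message or of the Plinth patches. The service names and port assignments are constructed; `--add-port` and `--remove-port` are firewall-cmd options, and the commands are only returned here, not executed.

```python
# Constructed service-to-port map; names and ports are illustrative assumptions.
SERVICE_PORTS = {
    "web-ui": {"80/tcp", "443/tcp"},
    "file-share": {"443/tcp"},
    "xmpp": {"5222/tcp", "5269/tcp"},
}


class PortLedger:
    """Tracks which enabled services need each port."""

    def __init__(self, service_ports):
        self._service_ports = service_ports
        self._users = {}  # port -> set of enabled services using it

    def enable(self, service):
        """Return firewall-cmd invocations for ports that must be newly opened."""
        commands = []
        for port in sorted(self._service_ports[service]):
            users = self._users.setdefault(port, set())
            if not users:  # first user of this port: open it
                commands.append(["firewall-cmd", f"--add-port={port}"])
            users.add(service)  # set membership makes a repeated enable harmless
        return commands

    def disable(self, service):
        """Return invocations for ports whose last user was just disabled."""
        commands = []
        for port in sorted(self._service_ports[service]):
            users = self._users.get(port, set())
            if service not in users:
                continue  # service was not enabled; nothing to undo
            users.remove(service)
            if not users:  # last user gone: close the port again
                del self._users[port]
                commands.append(["firewall-cmd", f"--remove-port={port}"])
        return commands

    def open_ports(self):
        """Ports that should currently be reachable; everything else stays blocked."""
        return sorted(self._users)


if __name__ == "__main__":
    ledger = PortLedger(SERVICE_PORTS)
    for step in (ledger.enable("web-ui"), ledger.enable("file-share"),
                 ledger.disable("web-ui"), ledger.disable("file-share")):
        print(step)
```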

