[Freedombox-discuss] Firewall for FreedomBox

Sunil Mohan sunil at medhas.org
Tue Apr 22 15:39:26 UTC 2014

On Tuesday 22 April 2014 04:01 PM, Petter Reinholdtsen wrote:
> You also sent a patch for freedombox-setup, and I believe most of those
> changes should go into plinth instead.  I've merged the parts I think
> should go into freedombox-setup (installing firewalld, making sure
> init.d/first-run executes after it is started).

I agree that firewall initial configuration could go into Plinth. And
slowing they may be removed entirely in favor enabling/disabling them
only when corresponding service is enabled/disabled from Plinth.

> If I got it right, enabling firewalld will block everything by default,
> making me suspect that we need to get the rules to enable active
> services in place before we upload the new freedombox-setup package to
> unstable.  Am I right?

Yes. I am submitting the required changes to Plinth. We should upload
Plinth first and then freedombox-setup.

> Btw, did you look at the init.d/proxy script in freedombox-setup?  It
> set up a bunch of iptables rules, and those should perhaps be ported to
> firewalld rules?  Perhaps even moved from freedombox-setup to plinth?

I totally overlooked the proxy script in my exploration of
freedombox-setup for firewall purpose. :) I didn't test for it either :)
It might in fact clash with FirewallD and FirewallD might remove those
rules. I shall work on converting the rules to firewalld equivalent.

Thank you,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20140422/2d9bb3e9/attachment.sig>

More information about the Freedombox-discuss mailing list