[Freedombox-discuss] Firewall for FreedomBox
Sunil Mohan
sunil at medhas.org
Tue Apr 22 15:39:26 UTC 2014
On Tuesday 22 April 2014 04:01 PM, Petter Reinholdtsen wrote:
[...]
>
> You also sent a patch for freedombox-setup, and I believe most of those
> changes should go into plinth instead. I've merged the parts I think
> should go into freedombox-setup (installing firewalld, making sure
> init.d/first-run executes after it is started).
I agree that firewall initial configuration could go into Plinth. And
slowly they may be removed entirely in favor of enabling/disabling them
only when the corresponding service is enabled/disabled from Plinth.
>
> If I got it right, enabling firewalld will block everything by default,
> making me suspect that we need to get the rules to enable active
> services in place before we upload the new freedombox-setup package to
> unstable. Am I right?
Yes. I am submitting the required changes to Plinth. We should upload
Plinth first and then freedombox-setup.
>
> Btw, did you look at the init.d/proxy script in freedombox-setup? It
> set up a bunch of iptables rules, and those should perhaps be ported to
> firewalld rules? Perhaps even moved from freedombox-setup to plinth?
>
I totally overlooked the proxy script in my exploration of
freedombox-setup for firewall purposes. :) I didn't test for it either :)
It might in fact clash with FirewallD and FirewallD might remove those
rules. I shall work on converting the rules to the firewalld equivalent.
Thank you,
--
Sunil