[Freedombox-discuss] Firewall for FreedomBox
sunil at medhas.org
Tue Apr 22 15:39:26 UTC 2014
On Tuesday 22 April 2014 04:01 PM, Petter Reinholdtsen wrote:
> You also sent a patch for freedombox-setup, and I believe most of those
> changes should go into plinth instead. I've merged the parts I think
> should go into freedombox-setup (installing firewalld, making sure
> init.d/first-run executes after it is started).
I agree that firewall initial configuration could go into Plinth. And
slowly they may be removed entirely in favor of enabling/disabling them
only when the corresponding service is enabled/disabled from Plinth.
> If I got it right, enabling firewalld will block everything by default,
> making me suspect that we need to get the rules to enable active
> services in place before we upload the new freedombox-setup package to
> unstable. Am I right?
Yes. I am submitting the required changes to Plinth. We should upload
Plinth first and then freedombox-setup.
> Btw, did you look at the init.d/proxy script in freedombox-setup? It
> set up a bunch of iptables rules, and those should perhaps be ported to
> firewalld rules? Perhaps even moved from freedombox-setup to plinth?
I totally overlooked the proxy script in my exploration of
freedombox-setup for firewall purposes. :) I didn't test for it either :)
It might in fact clash with FirewallD and FirewallD might remove those
rules. I shall work on converting the rules to their firewalld equivalent.