Feature #2714

Firewall: select default policy

Added by Giacomo Sanchietti over 5 years ago. Updated over 5 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-firewall-base
Target version: v6.5
Resolution:
NEEDINFO: No

Description

The firewall should implement two standard policies:
  • permissive
  • strict

Permissive policy will enable all traffic from green (loc) zone to red (net) zone.
Strict policy will block all traffic from green (loc) zone to red (net) zone. Permitted traffic should be explicitly allowed.
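
An added example (not part of the issue or of the NethServer code) showing how to check which of the two modes a Shorewall policy file actually yields for green (loc) to red (net). It relies on Shorewall's first-match ordering of the policy file; the sample files are constructed, and treating both DROP and REJECT as "strict" is an assumption, since the issue does not say which one is used.

```python
"""Classify the effective green->red default from a Shorewall policy file."""

# Constructed sample policy files; zone names loc (green) and net (red)
# follow the issue text. They are not the project's generated template.
PERMISSIVE = """\
# SOURCE  DEST  POLICY  LOGLEVEL
loc       net   ACCEPT
net       all   DROP    info
all       all   REJECT  info
"""

STRICT = """\
# SOURCE  DEST  POLICY  LOGLEVEL
$FW       net   ACCEPT
net       all   DROP    info
all       all   REJECT  info   # loc->net falls through to this catch-all
"""


def effective_policy(policy_text, src, dst):
    """Return the policy of the first line matching src->dst, or None."""
    for raw in policy_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank line, comment, or malformed entry
        line_src, line_dst, policy = fields[:3]
        if line_src in (src, "all") and line_dst in (dst, "all"):
            # Drop an optional ":default-action" suffix, e.g. "DROP:Drop".
            return policy.split(":", 1)[0].upper()
    return None


def classify(policy_text, green="loc", red="net"):
    """Map the effective green->red policy onto the two modes in the issue."""
    policy = effective_policy(policy_text, green, red)
    if policy == "ACCEPT":
        return "permissive"
    if policy in ("DROP", "REJECT"):
        return "strict"
    return "unknown"  # no matching line, or a policy such as CONTINUE


if __name__ == "__main__":
    for name, text in (("PERMISSIVE", PERMISSIVE), ("STRICT", STRICT)):
        print(name, "->", classify(text))
```

Because the first matching line wins, a broad `all all ACCEPT` entry placed above a stricter `loc net` line silently turns a strict setup into a permissive one, which is the case the ordering check catches.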


Related issues

Related to NethServer 6 - Feature #2716: Custom firewall rules CLOSED
Related to NethServer 6 - Enhancement #2771: Merge nethserver-shorewall and nethserver-firewall-base CLOSED

Associated revisions

Revision 0b14200d
Added by Giacomo Sanchietti over 5 years ago

Policy: implement default policy. Refs #2714

Revision 3b869a62
Added by Giacomo Sanchietti over 5 years ago

Web interface: add ExternalPing option. Refs #2714

Revision af3a002d
Added by Giacomo Sanchietti over 5 years ago

Web interface: add translations. Refs #2714

Revision 14d9e0c5
Added by Giacomo Sanchietti over 5 years ago

Web interface: change policy labels. Refs #2714

Revision 2bfc1b8a
Added by Giacomo Sanchietti over 5 years ago

NetworksDB: add 'red' function. Refs #2714

Revision 9f337bc5
Added by Giacomo Sanchietti over 5 years ago

shorewall template: add support for orange and blue zones. Refs #2714

Revision ffca37e7
Added by Giacomo Sanchietti over 5 years ago

firewall policy: refactor fragment. Refs #2714

Revision 4997d7fd
Added by Giacomo Sanchietti over 5 years ago

Policy template: avoid duplicate policies. Refs #2714

History

#1 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti over 5 years ago

  • Assignee deleted (Giacomo Sanchietti)

VPN zones should have the same policy as the green (local) interface.

#4 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti over 5 years ago

  • Description updated (diff)

#6 Updated by Giacomo Sanchietti over 5 years ago

  • Related to Enhancement #2771: Merge nethserver-shorewall and nethserver-firewall-base added

#7 Updated by Giacomo Sanchietti over 5 years ago

Merged on master.

#8 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70
Packages in nethserver-testing:
  • nethserver-firewall-base-1.1.0-66.0git67ac1559.ns6.noarch.rpm
  • nethserver-lsm-0.0.3-7.0gitd4a46e58.ns6.noarch.rpm
  • nethserver-squid-1.1.1-3.0git37fbdd7c.ns6.noarch.rpm (already in testing)
  • nethserver-snort-0.0.1-5.0git32850266.ns6.noarch.rpm
  • nethserver-base-2.2.1-57.0git27156ae2.ns6.noarch.rpm
  • nethserver-nethgui-1.5.0-22.0git051080ae.ns6.noarch.rpm

#9 Updated by Davide Principi over 5 years ago

  • Assignee set to Davide Principi

#10 Updated by Davide Principi over 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

Connections from internal host are blocked, or allowed accordingly.

#11 Updated by Davide Principi over 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-firewall-base-2.0.0-1.ns6.noarch.rpm
nethserver-base-2.3.0-1.ns6.noarch.rpm
