Feature #2714
Firewall: select default policy
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-firewall-base | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
- permissive
- strict
Permissive
policy will enable all traffic from green (loc) zone to red (net) zone. Strict
policy will block all traffic from green (loc) zone to red (net) zone. Permitted traffic should be explicitly allowed.
Related issues
Associated revisions
Policy: implement default policy. Refs #2714
Web interface: add ExternalPing option. Refs #2714
Web interface: add translations. Refs #2714
Web interface: change policy labels. Refs #2714
NetworksDB: add 'red' function. Refs #2714
shorewall template: add support for orange and blue zones. Refs #2714
frewall policy: refactor fragment. Refs #2714
Policy template: avoid duplicate policies. Refs #2714
History
#1 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3 Updated by Giacomo Sanchietti over 7 years ago
- Assignee deleted (
Giacomo Sanchietti)
VPN zones should have same policy as the green (local) interface.
#4 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti about 7 years ago
- Description updated (diff)
#6 Updated by Giacomo Sanchietti about 7 years ago
- Related to Enhancement #2771: Merge nethserver-shorewall and nethserver-firewall-base added
#7 Updated by Giacomo Sanchietti about 7 years ago
Merged on master.
#8 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
- nethserver-firewall-base-1.1.0-66.0git67ac1559.ns6.noarch.rpm
- nethserver-lsm-0.0.3-7.0gitd4a46e58.ns6.noarch.rpm
- nethserver-squid-1.1.1-3.0git37fbdd7c.ns6.noarch.rpm (già su testing)
- nethserver-snort-0.0.1-5.0git32850266.ns6.noarch.rpm
- nethserver-base-2.2.1-57.0git27156ae2.ns6.noarch.rpm
- nethserver-nethgui-1.5.0-22.0git051080ae.ns6.noarch.rpm
#9 Updated by Davide Principi about 7 years ago
- Assignee set to Davide Principi
#10 Updated by Davide Principi about 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 90
VERIFIED
Connections from internal host are blocked, or allowed accordingly.
#11 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-firewall-base-2.0.0-1.ns6.noarch.rpm
nethserver-base-2.3.0-1.ns6.noarch.rpm