Feature #2716
Custom firewall rules
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-firewall-base | | |
| Target version: | v6.5 | | |
| Resolution: | | NEEDINFO: | No |
Description
Allow creation of firewall rules to manage inter-zone traffic.
Rules are saved inside the fwrules database.
- key: numeric id
- Src: can be a defined object like host, host-group or zone, or a custom value like an IP or CIDR
- Dst: can be a defined object like host, host-group or zone, or a custom value like an IP or CIDR
- Action: can be ACCEPT, DROP or REJECT
- Service: (optional) can be a service object
- Log: can be none or info. Default is none
- status: can be enabled or disabled. Default is enabled
- Description: (optional)
Example:
1=rule Src=host;giacomo Dst=192.168.1.2 Service=service;ssh Action=accept Log=none status=enabled
Create a rule:
db fwrules set 1 rule Src "host;myhost" Dst "host;myserver" Service ssh Action ACCEPT Log none status enabled
The web interface should allow the user to:
- create/modify/delete rules
- sort existing rules
- enable/disable a rule
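A validator for records in the fwrules format described above, written as an added example (not code from NethServer or its Firewall library). It parses a rule record into its fields and rejects malformed Src/Dst values, unknown actions and bad Log/status values before they would reach the generated shorewall rules; the 'any' keyword and uppercase Action handling follow the associated revisions, while the object-name character set and the use of strict CIDR parsing are assumptions.

```python
import ipaddress
import re

# Constructed record in the fwrules format shown in the feature description.
SAMPLE_RECORD = ("1=rule Src=host;giacomo Dst=192.168.1.2 "
                 "Service=service;ssh Action=accept Log=none status=enabled")

OBJECT_TYPES = {"host", "host-group", "zone"}  # object kinds from the description
ACTIONS = {"ACCEPT", "DROP", "REJECT"}
LOG_LEVELS = {"none", "info"}
STATUSES = {"enabled", "disabled"}
NAME_RE = re.compile(r"^[A-Za-z0-9_.-]+$")  # assumed object-name charset


def check_endpoint(value):
    """Validate Src/Dst: the 'any' keyword, a 'type;name' object ref, or an IP/CIDR."""
    if value == "any":  # keyword added by one of the associated revisions
        return ("any", "any")
    if ";" in value:
        kind, name = value.split(";", 1)
        if kind not in OBJECT_TYPES or not NAME_RE.match(name):
            raise ValueError("bad object reference: " + value)
        return (kind, name)
    # Custom value: single address or CIDR block. strict=True rejects blocks
    # with host bits set (e.g. 192.168.1.5/24), which would be ambiguous.
    return ("cidr", str(ipaddress.ip_network(value, strict=True)))


def parse_rule(record):
    """Parse '<id>=rule Prop=value ...' into a validated dict; ValueError on bad input."""
    head, _, rest = record.partition(" ")
    key, _, rtype = head.partition("=")
    if not key.isdigit() or rtype != "rule":
        raise ValueError("record must start with '<numeric id>=rule'")
    props = dict(p.split("=", 1) for p in rest.split() if "=" in p)
    rule = {"key": int(key)}
    for side in ("Src", "Dst"):
        if side not in props:
            raise ValueError("missing " + side)
        rule[side] = check_endpoint(props[side])
    rule["Action"] = props.get("Action", "").upper()  # revisions force uppercase
    if rule["Action"] not in ACTIONS:
        raise ValueError("Action must be ACCEPT, DROP or REJECT")
    rule["Log"] = props.get("Log", "none")           # default from description
    rule["status"] = props.get("status", "enabled")  # default from description
    if rule["Log"] not in LOG_LEVELS or rule["status"] not in STATUSES:
        raise ValueError("bad Log or status value")
    if "Service" in props:                           # optional service object
        rule["Service"] = props["Service"]
    return rule
```

A Description value containing spaces is not handled by the whitespace split used here; the real database layer stores properties separately.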
Related issues
Associated revisions
Libs: add Firewall lib. Refs #2716
template: add custom rules fragment for /etc/shorewall/rules. Refs #2716
shorewall templates: add support for extra zones. Refs #2716
Firewall library: truncate zone name to 5 chars. Refs #2716
Move NethServer::Firewall library to firewall-base package. Refs #2716
Move NethServer::Firewall library to firewall-base package. Refs #2716
Add NethServer::Firewall library (moved from base). Refs #2716
Firewall.pm: fix bootproto value. Refs #2716
rules: force action to uppercase. Refs #2716
FirewallRules completed workflow with on-the-fly objects creation. Refs #2716
FirewallObjects: don't signal event on create. Refs #2716
New objects are not used by firewall rules: firewall does not need to
be reconfigured.
FirewallObjects: move labels into one catalog. Refs #2716
To ease inclusion from FirewallRules.
FirewallRules/Index: fixed empty rule set submission. Refs #2716
Firewall library: support 'any' keyword. Refs #2716
FirewallRules: fixed wiping out rules on edit case. Refs #2716
Firewall library: fix fwservices handling. Refs #2716
Template: fix rules output. Refs #2716
FirewallRules: POST on PickObject button click. Refs #2716
The POST causes the form state to be saved in session.
FirewallRules: fixed creation of ghost records during create workflow. Refs #2716
Inline help: add firewall rules. Refs #2716
Inline help: fixed RST formatting warnings. Refs #2716
/etc/shorewall/rules: bump identifier on rule comment. Refs #2716
History
#1 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
#3 Updated by Davide Principi over 7 years ago
- Assignee set to Davide Principi
#4 Updated by Giacomo Sanchietti over 7 years ago
- Description updated (diff)
#5 Updated by Davide Principi about 7 years ago
- Subject changed from Feature: support custom rules to Custom firewall rules
#6 Updated by Davide Principi about 7 years ago
- Related to Feature #2764: CIDR block validator added
#7 Updated by Davide Principi about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 30 to 60
Test case
New UI module FirewallRules. Test the following workflows:
- Creation
- Sorting
- Deletion
- Edit
- Apply changes
- On the fly creation of firewall objects
#8 Updated by Giacomo Sanchietti about 7 years ago
- Related to Enhancement #2771: Merge nethserver-shorewall and nethserver-firewall-base added
#9 Updated by Giacomo Sanchietti about 7 years ago
Merged on master.
#10 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
- nethserver-firewall-base-1.1.0-66.0git67ac1559.ns6.noarch.rpm
- nethserver-lsm-0.0.3-7.0gitd4a46e58.ns6.noarch.rpm
- nethserver-squid-1.1.1-3.0git37fbdd7c.ns6.noarch.rpm (already on testing)
- nethserver-snort-0.0.1-5.0git32850266.ns6.noarch.rpm
- nethserver-base-2.2.1-57.0git27156ae2.ns6.noarch.rpm
- nethserver-nethgui-1.5.0-22.0git051080ae.ns6.noarch.rpm
#11 Updated by Giacomo Sanchietti about 7 years ago
- Related to Enhancement #2783: Firewall: beautify rules page added
#12 Updated by Giovanni Bezicheri about 7 years ago
- Assignee set to Giovanni Bezicheri
#13 Updated by Giacomo Sanchietti about 7 years ago
- nethserver-lib-2.0.3-2.0gitb1246a75.ns6
#14 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from ON_QA to TRIAGED
- Assignee deleted (Giovanni Bezicheri)
- % Done changed from 70 to 20
See verification on #2783
#15 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#16 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#17 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
Verification must be done on #2705
#18 Updated by Davide Principi about 7 years ago
- Assignee set to Davide Principi
#19 Updated by Davide Principi about 7 years ago
- Assignee deleted (Davide Principi)
In nethserver-testing:
nethserver-firewall-base-1.1.0-127.0git49766190.ns6.noarch.rpm
#20 Updated by Filippo Carletti almost 7 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
#21 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-firewall-base-2.0.0-1.ns6.noarch.rpm
nethserver-base-2.3.0-1.ns6.noarch.rpm