Enhancement #2752
Firewall: allow and deny access to local services
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-base | | |
| Target version: | v6.5 | | |
| Resolution: | | NEEDINFO: | No |
Description
Network services running on the server/firewall itself have special rules controlling the status of the firewall.

Each service has the following properties:
- access: can be public or private
- TCPPort(s): open TCP ports
- UDPPort(s): open UDP ports

The access property will have a new value:
- none: the access is closed from any network
- public: the access is open from any network
- private: the access is open only from local network

- AllowHosts: hosts allowed to access the service. Rules are generated only if access is private or public.
- DenyHosts: hosts denied to access the service. Rules are generated only if access is private or public.

This feature must be implemented both on lokkit and Shorewall.
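The semantics above can be modelled as an ordered rule list with first-match evaluation. The following Python sketch is an added example, not code from nethserver-base or nethserver-firewall-base; it places the host lists before the regular rule, as the "Rules template: move AllowHosts and DenyHosts before regular rules" revision on this issue describes. The function names, the sample addresses, the default of a closed port and the choice to evaluate DenyHosts before AllowHosts are assumptions of the example.

```python
import ipaddress

def build_rules(service, local_nets):
    """Return the ordered (action, network) rules for one local service."""
    access = service.get("access", "none")
    if access not in ("public", "private"):
        return []  # access=none: nothing is generated, host lists are ignored
    rules = []
    # Host exceptions come before the regular rule so they win on first match.
    # Putting DenyHosts ahead of AllowHosts is an assumption of this example.
    for host in service.get("DenyHosts", []):
        rules.append(("DROP", ipaddress.ip_network(host)))
    for host in service.get("AllowHosts", []):
        rules.append(("ACCEPT", ipaddress.ip_network(host)))
    # Regular rule: any source for public, only local networks for private.
    regular = ["0.0.0.0/0"] if access == "public" else local_nets
    rules += [("ACCEPT", ipaddress.ip_network(net)) for net in regular]
    return rules

def is_allowed(service, local_nets, client_ip):
    """First matching rule decides; with no match the port stays closed."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in build_rules(service, local_nets):
        if addr in net:
            return action == "ACCEPT"
    return False

# Constructed sample data: one green (local) network, two hosts on the red side.
GREEN = ["192.168.1.0/24"]
LAN_HOST, RED_HOST, OTHER_RED = "192.168.1.20", "203.0.113.10", "198.51.100.7"

def run_cases():
    """Evaluate the five test cases from the issue, plus the access=none edge."""
    cases = {
        "1 private": {"access": "private"},
        "2 public": {"access": "public"},
        "3 none": {"access": "none"},
        "4 private+allow": {"access": "private", "AllowHosts": [RED_HOST]},
        "5 public+deny": {"access": "public", "DenyHosts": [RED_HOST]},
        "none+allow": {"access": "none", "AllowHosts": [RED_HOST]},
    }
    return {name: tuple(is_allowed(svc, GREEN, ip)
                        for ip in (LAN_HOST, RED_HOST, OTHER_RED))
            for name, svc in cases.items()}

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(name, dict(zip(("lan", "red", "other_red"), result)))
```

Each result tuple is (local host, listed red host, another red host); the last case shows that AllowHosts has no effect while access is none, because no rules are generated in that state.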
Associated revisions
Rules template: support AllowHosts and DenyHosts. Refs #2752
Template, createlinks: support AllowHosts and DenyHosts. Refs #2752
Web UI: manage access to local services. Refs #2752
Web UI: manage access to local services. Refs #2752
Inline help: document access to local services. Refs #2752
Rules template: move AllowHosts and DenyHosts before regular rules. Refs #2752
Network services: fix for new Nethgui API. Refs #2752
History
#1 Updated by Giacomo Sanchietti about 7 years ago
- Description updated (diff)
#2 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from NEW to TRIAGED
- Target version set to v6.5
- % Done changed from 0 to 20
#3 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#4 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
- nethserver-base on branch b2719
- nethserver-firewall-base on branch 2705
#5 Updated by Giacomo Sanchietti about 7 years ago
- Assignee deleted (Giacomo Sanchietti)
Also implemented web interface and inline manual.
#6 Updated by Giacomo Sanchietti about 7 years ago
Test the following cases when nethserver-base and nethserver-firewall-base are packaged for #2719 and #2705.

Test case 1
- Configure a server with at least one red and one green interface
- Set httpd access to private
- Check httpd is accessible only from local network

Test case 2
- Configure a server with at least one red and one green interface
- Set httpd access to public
- Check httpd is accessible from any interface

Test case 3
- Configure a server with at least one red and one green interface
- Set httpd access to none
- Check httpd is not accessible from any interface

Test case 4
- Configure a server with at least one red and one green interface
- Set httpd access to private
- Fill AllowHosts property with an IP address in external zone (red)
- Check httpd is still accessible from specified IP

Test case 5
- Configure a server with at least one red and one green interface
- Set httpd access to public
- Fill DenyHosts property with an IP address in external zone (red)
- Check httpd is not accessible from specified IP
#7 Updated by Giacomo Sanchietti about 7 years ago
Merged on master.
#8 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
- nethserver-firewall-base-1.1.0-66.0git67ac1559.ns6.noarch.rpm
- nethserver-lsm-0.0.3-7.0gitd4a46e58.ns6.noarch.rpm
- nethserver-squid-1.1.1-3.0git37fbdd7c.ns6.noarch.rpm (already on testing)
- nethserver-snort-0.0.1-5.0git32850266.ns6.noarch.rpm
- nethserver-base-2.2.1-57.0git27156ae2.ns6.noarch.rpm
- nethserver-nethgui-1.5.0-22.0git051080ae.ns6.noarch.rpm
#10 Updated by Stefano Fancello about 7 years ago
- Assignee set to Stefano Fancello
#11 Updated by Stefano Fancello about 7 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
#12 Updated by Giacomo Sanchietti about 7 years ago
- Assignee deleted (Stefano Fancello)
#13 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-base-2.3.0-1.ns6.noarch.rpm
nethserver-firewall-base-2.0.0-1.ns6.noarch.rpm