Enhancement #2775

Firewall: support DNS/DHCP objects in firewall rules

Added by Giacomo Sanchietti about 7 years ago. Updated almost 7 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-firewall-base
Target version: v6.5
Resolution:
NEEDINFO: No

Description

When creating (or editing) a rule inside the Firewall rules page, the system should handle hosts defined in the DNS/DHCP page among hosts created inside the Firewall objects page.

Hosts selected from the DNS/DHCP page will be translated into their own IP addresses inside the templates.

Associated revisions

Revision bc80849a
Added by Davide Principi about 7 years ago

FirewallRules: pick DNS/DHCP hosts for fw rules. Refs #2775

History

#1 Updated by Giacomo Sanchietti about 7 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.5
  • % Done changed from 0 to 20

#2 Updated by Davide Principi about 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#3 Updated by Davide Principi about 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

When selecting a rule Source/Destination, elements of DNS&DHCP (having record type remote or local) must be listed and selectable. The Dst/Src value prefix must be host;. E.g.:

# db fwrules show 15
15=rule
    Action=accept
    Dst=host;notebook-davide
    Log=none
    Position=512
    Service=any
    Src=host;pulp.nethserver.org
    status=enabled

#4 Updated by Davide Principi about 7 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-firewall-base-1.1.0-68.0gitbc80849a.ns6.noarch.rpm

#5 Updated by Giacomo Sanchietti about 7 years ago

  • Assignee set to Giacomo Sanchietti

#6 Updated by Giacomo Sanchietti about 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Created two hosts:
  • testdhcp: dhcp reservation
  • test.nethesis.it: dns record

Both can be selected from web UI and are correctly saved.

Extract from rules file:

#
# RULE host;test.nethesis.it -> host;testdhcp 
#
?COMMENT 
ACCEPT:none    net:192.15.6.7    loc:192.168.5.225    all

Database:

[root@localhost ~]# db fwrules show
1=rule
    Action=accept
    Dst=host;testdhcp
    Log=none
    Position=64
    Service=any
    Src=host;test.nethesis.it
    status=enabled
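
The manual check in the verification comment above can be automated. The following is an added example, not part of the original ticket or of nethserver-firewall-base: it cross-checks a `db fwrules show` dump against the rendered rules file and reports any enabled rule whose `host;` reference was not rendered or was not translated into a literal IP address. The function names are hypothetical, and the rules-file layout (a `# RULE src -> dst` comment followed by a line with action, source and destination columns) is assumed from the extract shown in this ticket.

```python
import ipaddress

# Constructed sample input, trimmed from the verification comment in this ticket.
DB_DUMP = """1=rule
    Dst=host;testdhcp
    Src=host;test.nethesis.it
    status=enabled"""
RULES_FILE = """# RULE host;test.nethesis.it -> host;testdhcp
?COMMENT
ACCEPT:none    net:192.15.6.7    loc:192.168.5.225    all"""

def parse_db(dump):
    """Parse `db fwrules show` output into {key: {prop: value}}."""
    records, current = {}, None
    for line in filter(str.strip, dump.splitlines()):
        name, _, value = line.strip().partition("=")
        if not line[0].isspace():
            current = records.setdefault(name, {"type": value})
        elif current is not None:
            current[name] = value
    return records

def rendered_rules(text):
    """Map each '# RULE src -> dst' comment (assumed layout) to the next rule line."""
    out, pending = {}, None
    for line in text.splitlines():
        parts = line.split()
        if parts[:2] == ["#", "RULE"] and len(parts) == 5:
            pending = (parts[2], parts[4])
        elif pending and parts and parts[0][0] not in "#?":
            out[pending], pending = parts, None
    return out

def is_literal_ip(column):  # column looks like 'zone:address'
    try:
        return ipaddress.ip_address(column.rpartition(":")[2]) is not None
    except ValueError:
        return False

def audit(dump, rules_text):
    """Flag enabled rules whose host; references are unrendered or not literal IPs."""
    rendered, findings = rendered_rules(rules_text), []
    enabled = {k: r for k, r in parse_db(dump).items() if r.get("status") == "enabled"}
    for key, rec in enabled.items():
        pair = (rec.get("Src", ""), rec.get("Dst", ""))
        cols = rendered.get(pair, [None] * 3)
        for ref, col in zip(pair, cols[1:3]):
            if ref.startswith("host;") and not (col and is_literal_ip(col)):
                findings.append((key, ref, "unresolved" if col else "not rendered"))
    return findings
```

An empty result from `audit()` means every enabled `host;` rule in the database has a matching rendered rule with literal addresses in both the source and destination columns.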

#7 Updated by Davide Principi almost 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-firewall-base-2.0.0-1.ns6.noarch.rpm
