Enhancement #2895

Network services: refactor web interface

Added by Giacomo Sanchietti almost 7 years ago. Updated almost 7 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-base
Target version:v6.5
Resolution: NEEDINFO:No

Description

Update web interface with following modifications:
  • Change "none" label to "localhost"
  • Change "Access from all networks" to "Access from green and red networks"
  • In the table view, inside the "Access" field display:
    • green: if access is private
    • green,red: if access is public
    • localhost: if access is none
    • custom: if AllowHosts or DenyHosts have a value

Related issues

Related to NethServer 6 - Bug #2923: Lokkit: missing port range support for network services CLOSED

Associated revisions

Revision 3d991ff5
Added by Giacomo Sanchietti almost 7 years ago

Web UI: refactor network services module. Refs #2895

Revision d6832fb4
Added by Giacomo Sanchietti almost 7 years ago

Inline help: update network services. Refs #2895

Revision 412d3d55
Added by Giacomo Sanchietti almost 7 years ago

Devel and admin manual: update network service chapter. Refs #2895

Revision b7365838
Added by Giacomo Sanchietti almost 7 years ago

Netwokr services UI: fix custom label. Refs #2895

Revision e0f8d902
Added by Giacomo Sanchietti almost 7 years ago

Lokkit firewall: implement green/red behavior. Refs #2895

Revision 6ab86418
Added by Giacomo Sanchietti almost 7 years ago

createlinks: firewall-adjust inside network-* events. Refs #2895

Revision 778ea6c6
Added by Davide Principi almost 7 years ago

NetworkServices: swap public/private radio buttons order. Refs #2895

Revision 2836d62b
Added by Giacomo Sanchietti almost 7 years ago

Inlin help: update network services. Refs #2895

History

#1 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-base-2.3.0-15.0git3d991ff5.ns6.noarch.rpm
Test case
Change configuration of network services, set at least:
  • one service to public
  • one service to private
  • one service to none
  • one service to public or private with AllowHosts or AccessHosts
  • check the web UI reflects proposed modifications

#5 Updated by Davide Principi almost 7 years ago

  • Assignee set to Davide Principi

#6 Updated by Davide Principi almost 7 years ago

  • NEEDINFO changed from No to Yes

On a machine with lokkit the green and green + red cases are treated in the same way: green

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   45  3060 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:980 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:123 
    1   100 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

And green + red:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    9   564 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:980 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:123 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Moreover, after the first change, access column displays always "custom": is it correct?

#7 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_QA to TRIAGED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 20
  • NEEDINFO changed from Yes to No

On a machine with lokkit the green and green + red cases are treated in the same way: green[...]
And green + red: [...]

Yes, this is fine.

Moreover, after the first change, access column displays always "custom": is it correct?

This isn't right: custom should be displayed only if AllowHosts or DenyHosts are filled.

#8 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

I will implement solution proposed by Davide.

On a system with lokkit:
  • a service with local access must be accessible only from green and trusted networks
  • a service with public access must be accessible from 0.0.0.0

#9 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#10 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-base-2.4.0-15.0gite0f8d902.ns6.noarch.rpm
Test case 1
Change configuration of network services, set at least:
  • one service to public
  • one service to private
  • one service to none
  • one service to public or private with AllowHosts or AccessHosts
  • check the web UI reflects proposed modifications
Test case 2
  • Check public services are accessible fro any network
  • Check private services are accessible only from green network
Test case 3
  • Create 2 green interfaces
  • Check private services are accessible only from all green networks
Test case 4
  • Add a trusted network
  • Check private services are accessible from all green networks and trusted networks
Test case 5
  • Delete and edit a trusted network
  • Check rules are changed accordingly
Test case 6
  • Create at least one trusted network
  • Set AlloHosts and DenyHosts on one or more service
  • Check rules are changed accordingly

#11 Updated by Davide Principi almost 7 years ago

  • Assignee set to Davide Principi

#12 Updated by Davide Principi almost 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

#13 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Packages released in nethserver-updates:
  • nethserver-base-2.5.0-1.ns6.noarch.rpm

#14 Updated by Giacomo Sanchietti almost 7 years ago

  • Related to Bug #2923: Lokkit: missing port range support for network services added

Also available in: Atom PDF