Enhancement #2895
Network services: refactor web interface
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-base | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
- Change "none" label to "localhost"
- Change "Access from all networks" to "Access from green and red networks"
- In the table view, inside the "Access" field display:
- green: if access is private
- green,red: if access is public
- localhost: if access is none
- custom: if AllowHosts or DenyHosts have a value
Related issues
Associated revisions
Web UI: refactor network services module. Refs #2895
Inline help: update network services. Refs #2895
Devel and admin manual: update network service chapter. Refs #2895
Netwokr services UI: fix custom label. Refs #2895
Lokkit firewall: implement green/red behavior. Refs #2895
createlinks: firewall-adjust inside network-* events. Refs #2895
NetworkServices: swap public/private radio buttons order. Refs #2895
Inlin help: update network services. Refs #2895
History
#1 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#4 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-base-2.3.0-15.0git3d991ff5.ns6.noarch.rpm
Change configuration of network services, set at least:
- one service to public
- one service to private
- one service to none
- one service to public or private with AllowHosts or AccessHosts
- check the web UI reflects proposed modifications
#5 Updated by Davide Principi almost 7 years ago
- Assignee set to Davide Principi
#6 Updated by Davide Principi almost 7 years ago
- NEEDINFO changed from No to Yes
On a machine with lokkit
the green
and green + red
cases are treated in the same way: green
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 45 3060 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:980 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123 1 100 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
And green + red:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 9 564 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:980 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Moreover, after the first change, access
column displays always "custom": is it correct?
#7 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_QA to TRIAGED
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 20
- NEEDINFO changed from Yes to No
On a machine with
lokkit
thegreen
andgreen + red
cases are treated in the same way:green
[...]
And green + red: [...]
Yes, this is fine.
Moreover, after the first change,
access
column displays always "custom": is it correct?
This isn't right: custom should be displayed only if AllowHosts or DenyHosts are filled.
#8 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
I will implement solution proposed by Davide.
On a system with lokkit:- a service with local access must be accessible only from green and trusted networks
- a service with public access must be accessible from 0.0.0.0
#9 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#10 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-base-2.4.0-15.0gite0f8d902.ns6.noarch.rpm
Change configuration of network services, set at least:
- one service to public
- one service to private
- one service to none
- one service to public or private with AllowHosts or AccessHosts
- check the web UI reflects proposed modifications
- Check public services are accessible fro any network
- Check private services are accessible only from green network
- Create 2 green interfaces
- Check private services are accessible only from all green networks
- Add a trusted network
- Check private services are accessible from all green networks and trusted networks
- Delete and edit a trusted network
- Check rules are changed accordingly
- Create at least one trusted network
- Set AlloHosts and DenyHosts on one or more service
- Check rules are changed accordingly
#11 Updated by Davide Principi almost 7 years ago
- Assignee set to Davide Principi
#12 Updated by Davide Principi almost 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 90
VERIFIED
#13 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-base-2.5.0-1.ns6.noarch.rpm
#14 Updated by Giacomo Sanchietti almost 7 years ago
- Related to Bug #2923: Lokkit: missing port range support for network services added