Enhancement #2895: Network services: refactor web interface - NethServer 6 - NethServer.org

Enhancement #2895

« Previous | Next »

Network services: refactor web interface

Added by Giacomo Sanchietti almost 7 years ago. Updated almost 7 years ago.

Status:

CLOSED

Start date:

Priority:

Normal

Due date:

Assignee:

% Done:

100%

Category:

nethserver-base

Target version:

v6.5

Resolution:

NEEDINFO:

Description

Update web interface with following modifications:

Change "none" label to "localhost"
Change "Access from all networks" to "Access from green and red networks"
In the table view, inside the "Access" field display:
- green: if access is private
- green,red: if access is public
- localhost: if access is none
- custom: if AllowHosts or DenyHosts have a value

Related issues

Associated revisions

Revision 3d991ff5
Added by Giacomo Sanchietti almost 7 years ago

Web UI: refactor network services module. Refs #2895

Revision d6832fb4
Added by Giacomo Sanchietti almost 7 years ago

Inline help: update network services. Refs #2895

Revision 412d3d55
Added by Giacomo Sanchietti almost 7 years ago

Devel and admin manual: update network service chapter. Refs #2895

Revision b7365838
Added by Giacomo Sanchietti almost 7 years ago

Netwokr services UI: fix custom label. Refs #2895

Revision e0f8d902
Added by Giacomo Sanchietti almost 7 years ago

Lokkit firewall: implement green/red behavior. Refs #2895

Revision 6ab86418
Added by Giacomo Sanchietti almost 7 years ago

createlinks: firewall-adjust inside network-* events. Refs #2895

Revision 778ea6c6
Added by Davide Principi almost 7 years ago

NetworkServices: swap public/private radio buttons order. Refs #2895

Revision 2836d62b
Added by Giacomo Sanchietti almost 7 years ago

Inlin help: update network services. Refs #2895

History

#1 Updated by Giacomo Sanchietti almost 7 years ago

Status changed from NEW to TRIAGED
% Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti almost 7 years ago

Status changed from TRIAGED to ON_DEV
Assignee set to Giacomo Sanchietti
% Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti almost 7 years ago

Status changed from ON_DEV to MODIFIED
% Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti almost 7 years ago

Status changed from MODIFIED to ON_QA
Assignee deleted (~~Giacomo Sanchietti~~)
% Done changed from 60 to 70

Package in nethserver-testing:

nethserver-base-2.3.0-15.0git3d991ff5.ns6.noarch.rpm

Test case
Change configuration of network services, set at least:

one service to public
one service to private
one service to none
one service to public or private with AllowHosts or AccessHosts
check the web UI reflects proposed modifications

#5 Updated by Davide Principi almost 7 years ago

Assignee set to Davide Principi

#6 Updated by Davide Principi almost 7 years ago

NEEDINFO changed from No to Yes

On a machine with lokkit the green and green + red cases are treated in the same way: green

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   45  3060 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:980 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:123 
    1   100 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

And green + red:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    9   564 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:980 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:123 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Moreover, after the first change, access column displays always "custom": is it correct?

#7 Updated by Giacomo Sanchietti almost 7 years ago

Status changed from ON_QA to TRIAGED
Assignee deleted (~~Davide Principi~~)
% Done changed from 70 to 20
NEEDINFO changed from Yes to No

On a machine with lokkit the green and green + red cases are treated in the same way: green[...]
And green + red: [...]

Yes, this is fine.

Moreover, after the first change, access column displays always "custom": is it correct?

This isn't right: custom should be displayed only if AllowHosts or DenyHosts are filled.

#8 Updated by Giacomo Sanchietti almost 7 years ago

Status changed from TRIAGED to ON_DEV
Assignee set to Giacomo Sanchietti
% Done changed from 20 to 30

I will implement solution proposed by Davide.

On a system with lokkit:

a service with local access must be accessible only from green and trusted networks
a service with public access must be accessible from 0.0.0.0

#9 Updated by Giacomo Sanchietti almost 7 years ago

Status changed from ON_DEV to MODIFIED
% Done changed from 30 to 60

#10 Updated by Giacomo Sanchietti almost 7 years ago

Status changed from MODIFIED to ON_QA
Assignee deleted (~~Giacomo Sanchietti~~)
% Done changed from 60 to 70

Package in nethserver-testing:

nethserver-base-2.4.0-15.0gite0f8d902.ns6.noarch.rpm

Test case 1
Change configuration of network services, set at least:

one service to public
one service to private
one service to none
one service to public or private with AllowHosts or AccessHosts
check the web UI reflects proposed modifications

Test case 2

Check public services are accessible fro any network
Check private services are accessible only from green network

Test case 3

Create 2 green interfaces
Check private services are accessible only from all green networks

Test case 4

Add a trusted network
Check private services are accessible from all green networks and trusted networks

Test case 5

Delete and edit a trusted network
Check rules are changed accordingly

Test case 6

Create at least one trusted network
Set AlloHosts and DenyHosts on one or more service
Check rules are changed accordingly

#11 Updated by Davide Principi almost 7 years ago

Assignee set to Davide Principi

#12 Updated by Davide Principi almost 7 years ago

Status changed from ON_QA to VERIFIED
Assignee deleted (~~Davide Principi~~)
% Done changed from 70 to 90

VERIFIED

#13 Updated by Giacomo Sanchietti almost 7 years ago

Status changed from VERIFIED to CLOSED
% Done changed from 90 to 100

Packages released in nethserver-updates:

nethserver-base-2.5.0-1.ns6.noarch.rpm

#14 Updated by Giacomo Sanchietti almost 7 years ago

Related to Bug #2923: Lokkit: missing port range support for network services added

Also available in: Atom PDF

NethServer 6

Issues

Custom queries