Enhancement #3055
Add VPN zones to firewall rules
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-firewall-base | | |
| Target version: | v6.6 | | |
| Resolution: | | NEEDINFO: | No |
Description
Current web interface for firewall rules doesn't allow the creation of rules between VPNs and other zones.
Expand the firewall rule page with the following zones:
- ivpn: IPSec
- lvpn: L2TP
- ovpn: OpenVPN
Associated revisions
Firewall library: support special vpn role. Refs #3055
Web UI: support special vpn role. Refs #3055
History
#1 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from NEW to TRIAGED
- Target version changed from ~FUTURE to v6.6
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3 Updated by Giacomo Sanchietti over 6 years ago
- Assignee deleted (Giacomo Sanchietti)
Implemented new VPN role object, it must be referenced with this syntax: role;vpn
This role will expand to all installed vpn zones: ivpn, lvpn, ovpn.
- if openvpn key is present inside the configuration database
- if ipsec key is present inside the configuration database
#4 Updated by Giacomo Sanchietti over 6 years ago
- Assignee set to Giacomo Sanchietti
#5 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 30 to 60
#6 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
- nethserver-firewall-base-2.5.1-1.16.g9146ec8.ns6.noarch.rpm
- On a clean machine, check the VPN role is not present
- Install nethserver-openvpn or nethserver-ipsec packages
- Create a new firewall rule, the VPN role must be displayed
- Check generated rules inside the /etc/shorewall/rules file
#7 Updated by Davide Principi over 6 years ago
- Assignee set to Davide Principi
#8 Updated by Davide Principi over 6 years ago
- Assignee deleted (Davide Principi)
- NEEDINFO changed from No to Yes
I've tested by installing nethserver-ipsec only: the test case is verified, but trying to uninstall nethserver-ipsec produces an error in /var/log/messages:
Apr 23 10:55:47 vm5 root: ERROR:Shorewall restart failed
Apr 23 10:55:47 vm5 esmith::event[21412]: [ERROR] Shorewall restart: ERROR: Unknown source zone (ivpn) /etc/shorewall/rules (line 137)
#9 Updated by Giacomo Sanchietti over 6 years ago
- NEEDINFO changed from Yes to No
I think the administrator should take care to review firewall rules each time a network package is removed.
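A check for the failure reported in comment #8, usable for the review recommended in comment #9; it is an added example, not part of the original thread or of NethServer. It lists rules whose source or destination zone is not declared in the Shorewall zones file, assuming the standard /etc/shorewall/zones layout (zone name in the first column) and simple zone[:host] entries; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not NethServer code): report rules whose SOURCE or DEST
# zone is not declared in the Shorewall zones file.
# Usage: undefined_zones ZONES_FILE RULES_FILE
# Returns 1 if at least one rule references an undeclared zone, else 0.
undefined_zones() {
    awk '
        function blank(line) { return line ~ /^[ \t]*(#|$)/ }
        # First file: declared zone names are column 1, minus any ":parent".
        FILENAME == ARGV[1] {
            if (!blank($0)) { split($1, z, ":"); declared[z[1]] = 1 }
            next
        }
        blank($0) { next }
        # Directives and section markers are not rules.
        $1 ~ /^\?/ || $1 == "SECTION" || $1 == "COMMENT" || $1 == "INCLUDE" { next }
        {
            for (col = 2; col <= 3; col++) {
                split($col, part, ":")      # zone is the text before ":"
                zone = part[1]
                sub(/[+-]$/, "", zone)      # all+, all- and similar forms
                # Built-in names need no declaration.
                if (zone == "" || zone == "all" || zone == "any" ||
                    zone == "none" || zone == "$FW") continue
                if (!(zone in declared)) {
                    printf "Unknown %s zone (%s) %s (line %d)\n",
                        (col == 2 ? "source" : "destination"), zone, FILENAME, FNR
                    found = 1
                }
            }
        }
        END { exit found + 0 }
    ' "$1" "$2"
}

# Constructed sample: the ivpn zone is gone from the zones file,
# but one rule still names it as its source.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#ZONE TYPE' 'fw firewall' 'loc ipv4' 'net ipv4' 'ovpn ipv4' > "$dir/zones"
    printf '%s\n' '?SECTION NEW' 'ACCEPT ovpn loc tcp 22' \
        'ACCEPT ivpn $FW tcp 443' 'DROP net all' > "$dir/rules"
    status=0
    undefined_zones "$dir/zones" "$dir/rules" || status=$?
    rm -rf "$dir"
    return "$status"
}
```

On a live system the call would be `undefined_zones /etc/shorewall/zones /etc/shorewall/rules`; a non-zero exit status means at least one rule needs review.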
#10 Updated by Davide Principi over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Thanks, Giacomo, for pointing it out
VERIFIED
#11 Updated by Davide Principi over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
CLOSED
In nethserver-updates:
nethserver-firewall-base-2.6.0-1.ns6.noarch.rpm