Enhancement #3258
Drop lokkit support, always use shorewall
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | <multiple packages> | |||
Target version: | v6.7-rc1 | |||
Resolution: | NEEDINFO: | No |
Description
- lokkit used when the server is server-only (only green interfaces)
- shorewall when the server is server and gateway (green/red/orange/blue interfaces)
Both implementations are complicating the code and have a big drawback: the administrator can configure the server as a gateway only after installing the shorewall component.
Shorewall must be included inside the core system (and the ISO), lokkit implementation will be removed.
Associated revisions
Drop lokkit-based firewall implementation. Refs #3258
- Enable Shorewall at boot
- Disable iptables service at boot
- Split UI into a different RPM
Drop lokkit-based firewall implementation. Refs #3258
- Remove iptables templates
- Remove lokkit-apply action
- Simplify firewall-adjust action
Drop lokkit-based firewall implementation. Refs #3258
Drop lokkit-based firewall implementation. Refs #3258
Drop lokkit-based firewall implementation. Refs #3258
Web UI: use InterfaceRoleList prop to list network available roles. Refs #3258
DB: cleanup unused prop. Refs #3258
Drop lokkit-based firewall implementation. Refs #3258
- Enable Shorewall at boot
- Disable iptables service at boot
- Split UI into a different RPM
History
#1 Updated by Giacomo Sanchietti almost 6 years ago
- Category set to <multiple packages>
- Status changed from NEW to TRIAGED
- Target version set to v6.7-rc1
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti almost 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3 Updated by Giacomo Sanchietti almost 6 years ago
- Subject changed from Drop lokkit support, always use lokkit to Drop lokkit support, always use shorewall
#4 Updated by Giacomo Sanchietti almost 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti almost 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-base-2.8.1-1.2.ga1a65e2.ns6.noarch.rpm
- nethserver-firewall-base-2.7.2-1.1.gadbe50b.ns6.noarch.rpm
- nethserver-firewall-base-ui-2.7.2-1.1.gadbe50b.ns6.noarch.rpm
- nethserver-dnsmasq-1.5.1-1.1.g2b78bc9.ns6.noarch.rpm
- nethserver-hylafax-1.1.2-1.1.ga273099.ns6.noarch.rpm
- nethserver-vsftpd-1.0.2-1.1.gfa86ac5.ns6.noarch.rpm
- On a clean machine with at least one service running (eg. nethserver-httpd) execute:
yum --enablerepo=nethserver-testing update @nethserver-iso
- Check the service is still acccessible
- Check rules are applied using Shorewall
- On a machine where shorewall is installed update from testing
- All whould work as before the update
- To re-install the web interface:
yum --enablerepo=nethserver-testing update @nethserver-firewall-base
- After test case 1 or 2, install nethserver-dnsmasq
- Check port 67-69 and 53 are open
- After test case 1 or 2, install nethserver-vsftpd
- Check nf_conntrack_ftp module is loaded:
lsmod | grep nf_conntrack_ftp
- After test case 1 or 2, install nethserver-hylafax
- Check nf_conntrack_ftp module is loaded:
lsmod | grep nf_conntrack_ftp
#6 Updated by Davide Principi almost 6 years ago
- Assignee set to Davide Principi
#7 Updated by Davide Principi almost 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 90
VERIFIED
Note: remove nethserver-password from nethserver-iso
YUM group (see #3260)
#8 Updated by Davide Principi almost 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
CLOSED
In nethserver-base/6.7:
nethserver-base-2.9.0-1.ns6.noarch.rpm
nethserver-firewall-base-2.8.0-1.ns6.src.rpm
nethserver-firewall-base-ui-2.8.0-1.ns6.noarch.rpm
nethserver-dnsmasq-1.5.2-1.ns6.noarch.rpm
nethserver-hylafax-1.1.3-1.ns6.noarch.rpm
nethserver-vsftpd-1.0.3-1.ns6.noarch.rpm