Feature #866
Firewall adjust action
Status: | CLOSED | Start date: | 03/13/2012 |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | - | % Done: | 100% |
Category: | nethserver-base | | |
Target version: | DEV1 | | |
Resolution: | NEEDINFO: | | |
Description
The `firewall-adjust` action acts on the firewall configuration, to allow access to enabled services only.

For each service key in the configuration database:
    if service has status=enabled
        invoke enable script
    else
        invoke disable script

At the end, invoke apply script, to persist changes.

Each script receives `${SERVICE}`, `${PORT}`, `${PROTO}` parameters.

Scripts are stored under `firewall` key in configuration database: by default they invoke `lokkit`.
Script templates (for lokkit backend)
OPEN
/usr/bin/lokkit -n -p ${PORT}:${PROTO}
CLOSE
sed -i /^--port=${PORT}:${PROTO}/d /etc/sysconfig/system-config-firewall;
APPLY
/usr/bin/lokkit --update
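
A dry run of the loop described above, added here as an example and not NethServer's own code: it expands the OPEN/CLOSE/APPLY templates for each service and prints the resulting commands instead of executing them. The `name|status|port|proto` record format, the sample services and the `valid_port_proto` check (one numeric port per record, `tcp` or `udp` only) are assumptions; the check is there because `${PORT}` and `${PROTO}` are expanded unquoted inside the templates.

```shell
#!/bin/sh
# Added illustration: dry run of the firewall-adjust loop. Nothing is executed;
# the expanded template commands are only printed.

# Constructed sample records, name|status|port|proto (hypothetical format
# standing in for the service keys of the configuration database).
SAMPLE_SERVICES='httpd|enabled|80|tcp
sshd|enabled|22|tcp
telnet|disabled|23|tcp
bogus|enabled|8080;x|tcp
ntpd|enabled|123|udp'

# Assumed check: accept only a decimal port in 1..65535 and proto tcp or udp,
# so the values are safe to expand inside the unquoted lokkit/sed templates.
valid_port_proto() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
    case "$2" in
        tcp|udp) return 0 ;;
        *) return 1 ;;
    esac
}

# Read records on stdin; print one expanded command per line, APPLY last.
render_firewall_adjust() {
    while IFS='|' read -r SERVICE STATUS PORT PROTO; do
        [ -n "$SERVICE" ] || continue
        if ! valid_port_proto "$PORT" "$PROTO"; then
            printf '%s\n' "# skipped ${SERVICE}: invalid port/proto"
            continue
        fi
        if [ "$STATUS" = enabled ]; then
            # OPEN template
            printf '%s\n' "/usr/bin/lokkit -n -p ${PORT}:${PROTO}"
        else
            # CLOSE template
            printf '%s\n' "sed -i /^--port=${PORT}:${PROTO}/d /etc/sysconfig/system-config-firewall;"
        fi
    done
    # APPLY template, run once at the end to persist changes
    printf '%s\n' "/usr/bin/lokkit --update"
}

printf '%s\n' "$SAMPLE_SERVICES" | render_firewall_adjust
```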
Associated revisions
firewall-adjust: added action and default lokkit-based configuration. Refs #866 - Firewall adjust action
firewall-adjust: fixed prop names Port|Ports. Refs #866 - Firewall adjust action
modSSL: set ServiceFirewallName to https. Refs #866 - Firewall adjust action
firewall-adjust action: skip unchanged service port configurations. Refs #866 -- Firewall adjust action
firewall-adjust action: previous open port list is now stored in `__fwAdjust` prop, to keep it distinct from others. Refs #866
firewall-adjust action: clear __fwAdjust* prop when action is CLOSE. Refs #866 -- Firewall adjust action
firewall-adjust action: skip unchanged service configurations. Refs #866 -- Firewall adjust action
History
#1 Updated by Davide Principi over 9 years ago
- Status changed from NEW to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 0 to 90
#2 Updated by Davide Principi over 9 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 90 to 100
#3 Updated by Davide Principi over 8 years ago
- Project changed from 1 to NethServer 6