Feature #866
Firewall adjust action
| Status: | CLOSED | Start date: | 03/13/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | nethserver-base | |||
| Target version: | DEV1 | |||
| Resolution: | NEEDINFO: |
Description
The firewall-adjust action acts on the firewall configuration, to allow access to enabled services only.
For each service key in the configuration database:
ifservice hasstatus=enabledinvoke enable scriptelseinvoke disable script
At the end, invoke apply script, to persist changes.
Each script receives ${SERVICE}, ${PORT}, ${PROTO} parameters
Scripts are stored under firewall key in configuration database: by default they invoke lokkit.
Script templates (for lokkit backend)¶
OPEN
/usr/bin/lokkit -n -p ${PORT}:${PROTO}
CLOSE
sed -i /^--port=${PORT}:${PROTO}/d /etc/sysconfig/system-config-firewall;
APPLY
/usr/bin/lokkit --update
Related issues
Associated revisions
firewall-adjust: added action and default lokkit-based configuration. Refs #866 - Firewall adjust action
firewall-adjust: fixed prop names Port|Ports. Refs #866 - Firewall adjust action
modSSL: set ServiceFirewallName to https. Refs #866 - Firewall adjust action
firewall-adjust action: skip unchanged service port configurations. Refs #866 -- Firewall adjust action
firewall-adjust action: previous open port list is now stored in `__fwAdjust` prop, to keep it distinct from others. Refs #866
firewall-adjust action: clear __fwAdjust* prop when action is CLOSE. Refs #866 -- Firewall adjust action
firewall-adjust action: skip unchanged service configurations. Refs #866 -- Firewall adjust action
History
#1
Updated by Davide Principi over 9 years ago
- Status changed from NEW to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 0 to 90
#2
Updated by Davide Principi over 9 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 90 to 100
#3
Updated by Davide Principi over 8 years ago
- Project changed from 1 to NethServer 6