calibre: Add protection to local service using firewall

Tests:

- When app is freshly installed, nft rules are inserted.

- When app is upgraded from older version, nft rules are inserted.

- When app is enabled/disabled, nft rules are added/removed.

- When app is uninstalled, rules are removed

- Inserted rules are placed after the basic setup rules inserted by the firewall app.

- Trying to connect to local daemon from fbx user fails. Trying to access as
root user or apache succeeds. Test connecting with 'nc localhost <port>'.

- Functional tests pass.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Sunil Mohan Adapa 2022-11-11 11:15:56 -08:00 committed by James Valleroy
parent 4bf347dbe3
commit 05e5ec4011
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808


@ -10,7 +10,8 @@ from plinth import cfg, frontpage, menu
from plinth.daemon import Daemon
from plinth.modules.apache.components import Webserver
from plinth.modules.backups.components import BackupRestore
from plinth.modules.firewall.components import Firewall
from plinth.modules.firewall.components import (Firewall,
FirewallLocalProtection)
from plinth.modules.users.components import UsersAndGroups
from plinth.package import Packages
from plinth.utils import format_lazy
@ -40,7 +41,7 @@ class CalibreApp(app_module.App):
app_id = 'calibre'
_version = 1
_version = 2
DAEMON = 'calibre-server-freedombox'
@ -78,6 +79,10 @@ class CalibreApp(app_module.App):
ports=['http', 'https'], is_external=True)
self.add(firewall)
firewall_local_protection = FirewallLocalProtection(
'firewall-local-protection-calibre', ['8844'])
self.add(firewall_local_protection)
webserver = Webserver('webserver-calibre', 'calibre-freedombox',
urls=['https://{host}/calibre'])
self.add(webserver)
@ -98,7 +103,8 @@ class CalibreApp(app_module.App):
def setup(self, old_version):
"""Install and configure the app."""
super().setup(old_version)
self.enable()
if not old_version:
self.enable()
def validate_library_name(library_name):
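Review bot: The port passed to `FirewallLocalProtection` in the `-78,6 +79,10` hunk is the bare literal `'8844'`, and nothing visible in this file ties it to the port the `calibre-server-freedombox` daemon actually listens on. If the daemon's port is ever changed where it is configured (outside this diff), the rule would keep covering 8844 and the daemon would silently lose the per-user restriction that the commit message tests for. I would name the value once as a class attribute next to `DAEMON`, for example `LOCAL_PORT = '8844'  # must match the listening port of calibre-server-freedombox`, and pass `[self.LOCAL_PORT]` here. The enclosing method starts and ends outside the hunk, so any other use of the port in this file is not visible from here.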