From 7d4283d7b846b1e60a0dd642c640f9d08336a7da Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Fri, 11 Nov 2022 11:39:55 -0800
Subject: [PATCH] email: Add protection to local service using firewall

Tests:

- When app is freshly installed, nft rules are inserted.

- Trying to connect to local daemon from fbx user fails.

- Functional tests pass.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 plinth/modules/email/__init__.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/plinth/modules/email/__init__.py b/plinth/modules/email/__init__.py
index 03e2564dd..33832622b 100644
--- a/plinth/modules/email/__init__.py
+++ b/plinth/modules/email/__init__.py
@@ -12,7 +12,8 @@ from plinth.daemon import Daemon
 from plinth.modules.apache.components import Webserver
 from plinth.modules.backups.components import BackupRestore
 from plinth.modules.config import get_domainname
-from plinth.modules.firewall.components import Firewall
+from plinth.modules.firewall.components import (Firewall,
+                                                FirewallLocalProtection)
 from plinth.modules.letsencrypt.components import LetsEncrypt
 from plinth.package import Packages, uninstall
 from plinth.privileged import service as service_privileged
@@ -51,7 +52,7 @@ class EmailApp(plinth.app.App):
 
     app_id = 'email'
 
-    _version = 1
+    _version = 2
 
     def __init__(self):
         """Initialize the email app."""
@@ -130,6 +131,10 @@ class EmailApp(plinth.app.App):
                             is_external=True)
         self.add(firewall)
 
+        firewall_local_protection = FirewallLocalProtection(
+            'firewall-local-protection-email', ['11334'])
+        self.add(firewall_local_protection)
+
         # /rspamd location
         webserver = Webserver(
             'webserver-email',  # unique id