nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-28 08:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Make default zone as 'external'

Browse Source 
Set the default firewall zone.  When network connections are configured
outside of FreedomBox/Plinth, they will not be able to serve the Plinth
web interface.  This is because all such interfaces will fall in the
default firewall zone and that is, by default, 'public'.  On 'public'
zone we don't allow Plinth web interface as this zone is not managed.

Configuration of network connections happen outside for
FreedomBox/Plinth for various reasons:

 - Existing network connections before installation of freedombox-setup

 - Connections configured in /etc/network/interfaces

 - Connections manually configured using nmtui

 - Connections created using GUI environments such as GNOME

Rather then clearing out /etc/network/interfaces during setup and
expecting the connections not to be created outside of Plinth, setting
the default firewall zone is a better approach.  This default zone
selection fits with the main purpose of FreedomBox to be a router which
is also reflected by the fact that only 'external'
This commit is contained in:
Sunil Mohan Adapa 2015-11-29 19:03:05 +05:30 committed by James Valleroy
parent 5234bffb3b
commit f2a4ffe394
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
data/usr/lib/freedombox/first-run.d/90_firewall
View File

@ -20,6 +20,33 @@
# /var/log/freedombox-first-run.log
set -x
# Set the default firewall zone. When network connections are
# configured outside of FreedomBox/Plinth, they will not be able to
# serve the Plinth web interface. This is because all such interfaces
# will fall in the default firewall zone and that is, by default,
# 'public'. On 'public' zone we don't allow Plinth web interface as
# this zone is not managed.
#
# Configuration of network connections happen outside for
# FreedomBox/Plinth for various reasons:
#
# - Existing network connections before installation of
# freedombox-setup
#
# - Connections configured in /etc/network/interfaces
#
# - Connections manually configured using nmtui
#
# - Connections created using GUI environments such as GNOME
#
# Rather then clearing out /etc/network/interfaces during setup and
# expecting the connections not to be created outside of Plinth,
# setting the default firewall zone is a better approach. This
# default zone selection fits with the main purpose of FreedomBox to
# be a router which is also reflected by the fact that only 'external'
# and 'internal' zones are managed.
firewall-cmd --set-default-zone=external
# Setup firewall rules for all the services enabled by default.
# Ideally all non-essential services are enabled from Plinth which
# automatically takes care of enabling appropirate firewall ports. The