syncthing: Add protection to local service using firewall

Tests:

- When app is freshly installed, nft rules are inserted.

- Trying to connect to local daemon from fbx user fails.

- Functional tests pass.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Sunil Mohan Adapa 2022-11-11 11:27:58 -08:00 committed by James Valleroy
parent 6b7556c6d3
commit f518c75922
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808


@ -8,7 +8,8 @@ from plinth import cfg, frontpage, menu
from plinth.daemon import Daemon
from plinth.modules.apache.components import Webserver
from plinth.modules.backups.components import BackupRestore
from plinth.modules.firewall.components import Firewall
from plinth.modules.firewall.components import (Firewall,
FirewallLocalProtection)
from plinth.modules.users import add_user_to_share_group
from plinth.modules.users import privileged as users_privileged
from plinth.modules.users.components import UsersAndGroups
@ -41,7 +42,7 @@ class SyncthingApp(app_module.App):
app_id = 'syncthing'
_version = 5
_version = 6
DAEMON = 'syncthing@syncthing'
@ -86,6 +87,10 @@ class SyncthingApp(app_module.App):
ports=['syncthing'], is_external=True)
self.add(firewall)
firewall_local_protection = FirewallLocalProtection(
'firewall-local-protection-syncthing', ['8384'])
self.add(firewall_local_protection)
webserver = Webserver('webserver-syncthing', 'syncthing-plinth',
urls=['https://{host}/syncthing/'])
self.add(webserver)
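Review bot: The port in `FirewallLocalProtection('firewall-local-protection-syncthing', ['8384'])` is a bare literal with nothing tying it to the address the syncthing daemon actually listens on. If that listen address is ever changed in the daemon's configuration (where it is set is not visible here), the rule would silently stop covering the service. A comment above the component would record the dependency, for example `# 8384 is syncthing's local web UI port; block other local users from reaching it directly.` The test list covers fresh installs only, while the `_version = 6` bump suggests existing installs are meant to get the rules through the upgrade path, so that case deserves a test entry too. The enclosing method starts outside the hunk, so the surrounding setup code could not be checked.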