From f518c75922666dc059bfef4beb51c798ec0f1cde Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Fri, 11 Nov 2022 11:27:58 -0800 Subject: [PATCH] syncthing: Add protection to local service using firewall Tests: - When app is freshly installed, nft rules are inserted. - Trying to connect to local daemon from fbx user fails. - Functional tests pass. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- plinth/modules/syncthing/__init__.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plinth/modules/syncthing/__init__.py b/plinth/modules/syncthing/__init__.py index fb1d53a64..4fb74dc95 100644 --- a/plinth/modules/syncthing/__init__.py +++ b/plinth/modules/syncthing/__init__.py @@ -8,7 +8,8 @@ from plinth import cfg, frontpage, menu from plinth.daemon import Daemon from plinth.modules.apache.components import Webserver from plinth.modules.backups.components import BackupRestore -from plinth.modules.firewall.components import Firewall +from plinth.modules.firewall.components import (Firewall, + FirewallLocalProtection) from plinth.modules.users import add_user_to_share_group from plinth.modules.users import privileged as users_privileged from plinth.modules.users.components import UsersAndGroups @@ -41,7 +42,7 @@ class SyncthingApp(app_module.App): app_id = 'syncthing' - _version = 5 + _version = 6 DAEMON = 'syncthing@syncthing' @@ -86,6 +87,10 @@ class SyncthingApp(app_module.App): ports=['syncthing'], is_external=True) self.add(firewall) + firewall_local_protection = FirewallLocalProtection( + 'firewall-local-protection-syncthing', ['8384']) + self.add(firewall_local_protection) + webserver = Webserver('webserver-syncthing', 'syncthing-plinth', urls=['https://{host}/syncthing/']) self.add(webserver)