- Significantly reduce the time taken to perform the operations in the following
cases:
  - Enable/disable an app
  - List services in firewall page
  - Load app page when interfaces belonging to internal zone need to be shown
  - First run setup of FreedomBox
- Install a polkit local authority configuration file to allow FreedomBox
service to perform: information queries and configuration changes.
- Drop unused actions.
- Alter the template for showing firewall port information since port/protocol
pairs are no longer pre-formatted.
- Handle errors when trying to get port details of an unknown service.
Tests performed:
- Enable/disable an app. Ensure with firewall-cmd that ports are added/removed
properly.
- Temporarily modify code to call add_service() and remove_service() twice in a
row. Perform enable/disable operations and ensure that there are no errors
thrown to test that add/remove services operations are idempotent.
- Visit the firewalld page and see the current state is reflected properly.
- Visit an app that shows the list of interfaces in firewall zone. Internal
interfaces should be listed properly.
- Reset the installed version of firewall app and disable all firewall services.
Start FreedomBox and ensure that when setup is re-run, default ports (http,
https, dns and dhcp) are opened properly. Run again but with ports already
enabled to check that the setup operation is idempotent.
- Visit diagnostics of an app that uses firewall components and see that ports
are listed properly in the port diagnostic test result.
- Remove some needed services such as those in /etc/firewalld/services and try
to visit the firewalld page. The page should show blank details against the
affected services.
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Add interface to get port types and numbers for a service.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This is a workaround for the problem that when restarting firewalld with
iptables backend, flushing fails and starting with nftables also fails requiring
a restart to recover from the problem.
Fixes #1440.
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
restart service after setting the firewall backend
Fixes #1400
Fixes #1430
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is no need to restart firewalld after the setup steps run.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Ports are allowed in default zone as soon as a service is enabled
- Ports are disabled when all services depending on the port are disabled
- Shows current enabled state of services and each of their ports