FreedomBox/Manual/Firewall

Revision history: 25 revisions, from 2014-05-08 (SunilMohanAdapa, "New page documenting firewall operation and default port status") to 2018-03-11 (JosephNuthalapati, "Fix oversized image").

Firewall

A firewall is a network security system that controls incoming and outgoing network traffic. Keeping a firewall enabled and properly configured reduces the risk of security threats from the Internet.

The operation of the firewall in the Plinth web interface of FreedomBox is automatic. When you enable a service, it is automatically permitted in the firewall, and when you disable a service, it is automatically disabled in the firewall. For services which are enabled by default on FreedomBox, firewall ports are also enabled by default during the first run process.

Firewall management in FreedomBox is done using FirewallD.

Interfaces

Each interface needs to be assigned to one (and only one) zone. Whatever rules are in effect for a zone, those rules start to apply for that interface. For example, if HTTP traffic is allowed in a particular zone, then web requests will be accepted on all the addresses configured for all the interfaces assigned to that zone.

There are primarily two firewall zones used. The internal zone is meant for services that are provided to all machines on the local network. This may include services such as streaming media and simple file sharing. The external zone is meant for services that are provided publicly on the Internet. This may include services such as blog, website, email web client etc.

For details on how network interfaces are configured by default, see the Networks section.

Ports/Services

The following table attempts to document the ports, services and their default statuses in FreedomBox. If you find this page outdated, see the Plinth source for lib/freedombox/first-run.d/90_firewall and the Firewall status page in the Plinth UI.
| Service | Port | External | Enabled by default | Status shown in Plinth | Managed by Plinth |
|---|---|---|---|---|---|
| Minetest | 30000/udp | {*} | {X} | (./) | (./) |
| XMPP Client | 5222/tcp | {*} | {X} | (./) | (./) |
| XMPP Server | 5269/tcp | {*} | {X} | (./) | (./) |
| XMPP Bosh | 5280/tcp | {*} | {X} | (./) | (./) |
| NTP | 123/udp | {o} | (./) | (./) | (./) |
| Plinth | 443/tcp | {*} | (./) | (./) | {X} |
| Quassel | 4242/tcp | {*} | {X} | (./) | (./) |
| SIP | 5060/tcp | {*} | {X} | (./) | (./) |
| SIP | 5060/udp | {*} | {X} | (./) | (./) |
| SIP-TLS | 5061/tcp | {*} | {X} | (./) | (./) |
| SIP-TLS | 5061/udp | {*} | {X} | (./) | (./) |
| RTP | 1024-65535/udp | {*} | {X} | (./) | (./) |
| SSH | 22/tcp | {*} | (./) | (./) | {X} |
| mDNS | 5353/udp | {o} | (./) | (./) | (./) |
| Tor (Socks) | 9050/tcp | {o} | {X} | (./) | (./) |
| Obfsproxy | <random>/tcp | {*} | {X} | (./) | (./) |
| OpenVPN | 1194/udp | {*} | {X} | (./) | (./) |
| Mumble | 64378/tcp | {*} | {X} | (./) | (./) |
| Mumble | 64378/udp | {*} | {X} | (./) | (./) |
| Privoxy | 8118/tcp | {o} | {X} | (./) | (./) |
| JSXC | 80/tcp | {*} | {X} | {X} | {X} |
| JSXC | 443/tcp | {*} | {X} | {X} | {X} |
| DNS | 53/tcp | {o} | {X} | {X} | {X} |
| DNS | 53/udp | {o} | {X} | {X} | {X} |
| DHCP | 67/udp | {o} | (./) | {X} | {X} |
| Bootp | 67/tcp | {o} | {X} | {X} | {X} |
| Bootp | 67/udp | {o} | {X} | {X} | {X} |
| Bootp | 68/tcp | {o} | {X} | {X} | {X} |
| Bootp | 68/udp | {o} | {X} | {X} | {X} |
| LDAP | 389/tcp | {o} | {X} | {X} | {X} |
| LDAPS | 636/tcp | {o} | {X} | {X} | {X} |

Manual operation

See the FirewallD documentation for more information on the basic concepts and comprehensive documentation.

Enable/disable firewall

To disable firewall:

or with systemd:

To re-enable firewall:

or with systemd:

Modifying services/ports

You can manually add or remove a service from a zone. In each pair of commands below, the first changes the running configuration and the second, with --permanent, saves the change so that it persists.

To see list of services enabled:

    firewall-cmd --zone=<zone> --list-services

To see list of ports enabled:

    firewall-cmd --zone=<zone> --list-ports

To remove a service from a zone:

    firewall-cmd --zone=<zone> --remove-service=<service>
    firewall-cmd --permanent --zone=<zone> --remove-service=<service>

To remove a port from a zone:

    firewall-cmd --zone=internal --remove-port=<port>/<protocol>
    firewall-cmd --permanent --zone=internal --remove-port=<port>/<protocol>

To add a service to a zone:

    firewall-cmd --zone=<zone> --add-service=<service>
    firewall-cmd --permanent --zone=<zone> --add-service=<service>

To add a port to a zone:

    firewall-cmd --zone=internal --add-port=<port>/<protocol>
    firewall-cmd --permanent --zone=internal --add-port=<port>/<protocol>

Modifying the zone of interfaces

You can manually change the assignment of zones of each interface after they have been automatically assigned by the first boot process.

To see current assignment of interfaces to zones:

To remove an interface from a zone:

    firewall-cmd --zone=<zone> --remove-interface=<interface>
    firewall-cmd --permanent --zone=<zone> --remove-interface=<interface>

To add an interface to a zone:

    firewall-cmd --zone=<zone> --add-interface=<interface>
    firewall-cmd --permanent --zone=<zone> --add-interface=<interface>

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.
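The manual commands above come in runtime and --permanent pairs, so after hand edits the two configurations can disagree. The script below is an added example, not FreedomBox or Plinth code: it reports that drift for one zone and flags anything outside an expected list. The function names, the FIREWALL_CMD override hook and the sample lists are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not FreedomBox code): audit one firewalld zone.
# FIREWALL_CMD is a hypothetical override hook for testing; it defaults to
# the real firewall-cmd, and only the --zone, --permanent and --list-*
# options shown on this page are used.

# Print each word of list $1 that is absent from list $2.
only_in() {
    haystack=" $(printf '%s ' $2)"
    for item in $1; do
        case "$haystack" in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# audit_zone ZONE "EXPECTED SERVICES" "EXPECTED PORTS"
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_zone() {
    zone=$1
    rc=0
    for kind in service port; do
        if [ "$kind" = service ]; then expected=$2; else expected=$3; fi
        fw=${FIREWALL_CMD:-firewall-cmd}
        runtime=$($fw --zone="$zone" --list-"$kind"s)
        permanent=$($fw --permanent --zone="$zone" --list-"$kind"s)
        # Active now, but not saved in the permanent configuration.
        for item in $(only_in "$runtime" "$permanent"); do
            echo "runtime-only $kind $item"; rc=1
        done
        # Saved, but not active in the running configuration.
        for item in $(only_in "$permanent" "$runtime"); do
            echo "permanent-only $kind $item"; rc=1
        done
        # Open in either configuration but not on the expected list.
        union="$runtime $(only_in "$permanent" "$runtime")"
        for item in $(only_in "$union" "$expected"); do
            echo "unexpected $kind $item"; rc=1
        done
    done
    return $rc
}

# Usage on a FreedomBox (the expected lists are constructed sample values):
#   audit_zone internal "ssh mdns ntp" "" || echo "review the findings above"
```
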