On 18.02.2013 11:10, Daniel Wagner wrote:
Hi Patrik,

On 18.02.2013 09:40, Patrik Flykt wrote:
Currently there exists no API where iptables rules can be set. The flush
code does not change the default chain policy at the moment, so any
pre-existing iptables rules setting default policy to reject and relying
on individual iptables rules allowing packets going through will prevent
all IP communication.

For the time being disable iptables flush on init. Thus please be careful
with iptables rules.

Ack. So we need to start talking about what such an API looks like. What
kind of iptables rules do you have in mind? Simple things like

iptables -A INPUT -p tcp --dport http -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Would that be something we could express as (a first shot into the dark,
probably too simple)

Service API:

Properties
         array{string} OpenPorts [readwrite] [experimental]

             A list of ports which are accessible from
             remote hosts.

             If the global FirewallPolicy setting is set
             to disabled then this Property is ignored.

             The entries can be either well known names,
             such as "ssh" or "http" or port numbers. It is
             also possible to provide a range of ports, e.g.
             "2900-3000".



I don't know if we want also to have grouping of some sort. Something you get asked by Windows if you join a new network. I guess that should be rather avoided. I just was not sure if having to set OpenPorts to each service is a good idea.
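
An added example, not part of the original messages and not ConnMan code: one way entries of the proposed OpenPorts property could be strictly validated and mapped to an iptables --dport argument, so that a malformed value received over the API never reaches a rule. The name open_port_to_dport, the 15-character name limit and the requirement that names start with a letter are assumptions; the sample entry is constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a decimal port in 1..65535; on success *end points past the digits. */
static int parse_port(const char *s, const char **end)
{
	char *e;
	long v;
	if (!isdigit((unsigned char)*s))	/* rejects sign and whitespace */
		return -1;
	v = strtol(s, &e, 10);
	if (v < 1 || v > 65535)
		return -1;
	*end = e;
	return (int)v;
}

/* Hypothetical helper: OpenPorts entry -> iptables --dport argument; 0 or -EINVAL. */
int open_port_to_dport(const char *entry, char *out, size_t len)
{
	const char *p = entry;
	int lo, hi, n;
	if (!entry || !out || !len)
		return -EINVAL;
	if (isalpha((unsigned char)*p)) {	/* service name such as "ssh" */
		while (isalnum((unsigned char)*p) || *p == '-')
			p++;
		if (*p || p - entry > 15)	/* 15: assumed length limit */
			return -EINVAL;
		n = snprintf(out, len, "%s", entry);
	} else {				/* single port or "lo-hi" range */
		lo = hi = parse_port(p, &p);
		if (lo > 0 && *p == '-')
			hi = parse_port(p + 1, &p);
		if (lo < 0 || hi < lo || *p)
			return -EINVAL;
		n = lo == hi ? snprintf(out, len, "%d", lo) : snprintf(out, len, "%d:%d", lo, hi);
	}
	return (n < 0 || (size_t)n >= len) ? -EINVAL : 0;
}

int main(void)
{
	char buf[16];	/* "2900-3000" is a constructed sample entry */
	puts(open_port_to_dport("2900-3000", buf, sizeof(buf)) ? "rejected" : buf);
	return 0;
}
```

The range is rewritten from "2900-3000" to "2900:3000" because iptables separates the bounds of a port range with a colon.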
