[Sunil Mohan]
> Hello,

Hi.

> I have submitted patches[1] to Plinth so as to manage the firewall for
> FreedomBox. Firewall shall operate automatically by enabling traffic
> for services that are enabled and disabling traffic when the last of
> the services using a port is disabled.

I am very glad to see some work on a firewall solution for the FreedomBox. :) It is an area where I have little skill myself.

> In the patches I propose to use FirewallD[2] as the tool that manages
> iptables. It could be swapped out in my implementation with other such
> tools with some effort. However, FirewallD seems to me the best fit
> for our purpose.

I have no opinion here. :) It seems fine to me, but I do not know the alternatives. :) I notice it uses dbus and provides a GUI tool as well. Not sure if that is an advantage or a problem for us, but it might make me use it on my own laptop. :) So far avahi and firewalld are the tools using dbus on the FreedomBox. :) I suspect we will use it more. :)

> Your comments are welcome.

You also sent a patch for freedombox-setup, and I believe most of those changes should go into plinth instead. I've merged the parts I think should go into freedombox-setup (installing firewalld, making sure init.d/first-run executes after it is started).

If I got it right, enabling firewalld will block everything by default, making me suspect that we need to get the rules to enable active services in place before we upload the new freedombox-setup package to unstable. Am I right?

Btw, did you look at the init.d/proxy script in freedombox-setup? It sets up a bunch of iptables rules, and those should perhaps be ported to firewalld rules? Perhaps even moved from freedombox-setup to plinth?

-- 
Happy hacking
Petter Reinholdtsen

_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss