On Tuesday 22 April 2014 04:01 PM, Petter Reinholdtsen wrote:
[...]
>
> You also sent a patch for freedombox-setup, and I believe most of those
> changes should go into plinth instead. I've merged the parts I think
> should go into freedombox-setup (installing firewalld, making sure
> init.d/first-run executes after it is started).

I agree that firewall initial configuration could go into Plinth. And slowly they may be removed entirely in favor of enabling/disabling them only when the corresponding service is enabled/disabled from Plinth.

>
> If I got it right, enabling firewalld will block everything by default,
> making me suspect that we need to get the rules to enable active
> services in place before we upload the new freedombox-setup package to
> unstable. Am I right?

Yes. I am submitting the required changes to Plinth. We should upload Plinth first and then freedombox-setup.

>
> Btw, did you look at the init.d/proxy script in freedombox-setup? It
> set up a bunch of iptables rules, and those should perhaps be ported to
> firewalld rules? Perhaps even moved from freedombox-setup to plinth?
>

I totally overlooked the proxy script in my exploration of freedombox-setup for firewall purposes. :) I didn't test for it either :) It might in fact clash with FirewallD and FirewallD might remove those rules. I shall work on converting the rules to the firewalld equivalent.

Thank you,

--
Sunil