Switchboard Security & Privacy Plug

Create a Security & Privacy plug [$515]

Bug #801054 reported by Cody Garver
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Switchboard Security & Privacy Plug
Fix Released
Wishlist
Corentin Noël

Bug Description

There should be a plug for easy configuration of the firewall ( in this case I would suggest ufw). Normaly there is no need for a firewall, but if you wan't to e.g host a server, such a plug would really help you.

https://sites.google.com/site/codygarver/firewall.png

A privacy/security plug should also handle managing zeitgeist, screen lock options, and maybe stuff like keyring management and ssh keys

See original description
Revision history for this message
Avi Romanoff (aroman) wrote :

If you'll stop by #elementary-dev sometime, I or some of the other developers would be more than happy to help you write the plug.

I've started documenting switchboard here: http://elementaryos.org/docs/apis/switchboard

Albeit unfinished, it might be helpful :)

Changed in pantheon-plugs:
status: New → Triaged
importance: Undecided → Low
summary: - Firewall plug
+ Create a firewall plug
summary: - Create a firewall plug
+ Create a Firewall plug
Eduard Gotwig (gotwig)
Changed in pantheon-plugs:
assignee: nobody → Eduard Gotwig (gotwig)
Revision history for this message
Eduard Gotwig (gotwig) wrote : Re: Create a Firewall plug

I start working on this, this weekend.

I took a look at gufw, and I have to say that they very much complicated the task to solve such an "easy" problem.

You are able to control ufw completly for terminal, btw.

Changed in pantheon-plugs:
status: Triaged → In Progress
Eduard Gotwig (gotwig)
description: updated
Revision history for this message
Sergey "Shnatsel" Davidoff (shnatsel) wrote :

Sounds like firewalld is more appropriate for this use case. Just sayin'.

Revision history for this message
Eduard Gotwig (gotwig) wrote :

There are no packages available for it, at all.

Revision history for this message
Sergey "Shnatsel" Davidoff (shnatsel) wrote : Re: [Bug 801054] Re: Create a Firewall plug

Oh, it will be fixed eventually. Even I can fix that.

Revision history for this message
Eduard Gotwig (gotwig) wrote : Re: Create a Firewall plug

You don't understand the problem. There could the chance to use iptables, that would give the user the most functions.

Revision history for this message
Sergey "Shnatsel" Davidoff (shnatsel) wrote :

Firewalld provides an abstraction layer to ip*tables and ebtables, and also seems to allow editing "raw" configs. But first, does your target audience need the power of iptables? What exactly will the plug do?

Eduard Gotwig (gotwig)
Changed in pantheon-plugs:
assignee: Eduard Gotwig (gotwig) → nobody
Cody Garver (codygarver)
Changed in pantheon-plugs:
status: In Progress → Triaged
Cody Garver (codygarver)
Changed in pantheon-plugs:
importance: Low → Wishlist
tags: added: future
Cody Garver (codygarver)
tags: added: need-new-plug
Revision history for this message
Salvatore Merone (sal-merone) wrote :

Why don't you use iptables? I don't know ufw, but iptables is highly customizable and allows a great number of rules to be applied.

Also, even if i like the "main switch" for the Firewall, we need to lock the entire plug like we do with Accounts Switchboard Plug.

Revision history for this message
Danielle Foré (danrabbit) wrote : Re: Create a Security & Privacy plug

Adjusted the scope of the bug. Probably better to have a more thorough privacy/secuirty plug than a plug that only handles firewall

summary: - Create a Firewall plug
+ Create a Security & Privacy plug
description: updated
Revision history for this message
Danielle Foré (danrabbit) wrote :

Bounty on Bountysource: https://www.bountysource.com/issues/1431145-create-a-firewall-plug

summary: - Create a Security & Privacy plug
+ Create a Security & Privacy plug [$500]
Changed in pantheon-plugs:
milestone: none → isis+1-beta1
Danielle Foré (danrabbit)
summary: - Create a Security & Privacy plug [$500]
+ Create a Security & Privacy plug [$515]
Revision history for this message
Harvey Cabaguio (harveycabaguio) wrote :

Initial design

Corentin Noël (tintou)
Changed in pantheon-plugs:
assignee: nobody → Corentin Noël (tintou)
status: Triaged → In Progress
Corentin Noël (tintou)
affects: pantheon-plugs → switchboard-plug-security-privacy
Changed in switchboard-plug-security-privacy:
milestone: isis+1-beta1 → none
Revision history for this message
No Name (nonamenoname) wrote :

I don't think we should expose firewall settings. It makes only sense if we whitelist applications. Therefore we have to deny all connections and keep a list of exceptions. If i remove Empathy from the list, i won't be able to use messaging anymore. What about third-party applications connecting to random ports? What about P2P networking?
What rules should be present?

Revision history for this message
Corentin Noël (tintou) wrote :

Firewall settings are needed for only few people, most people have it integrated into the "Box" from their Internet Provider, but they are needed.
Firewall won't deny connection from an application but from a port and protocol.
My current implementation relies on Uncomplicated FireWall that is present in Ubuntu by default.

Revision history for this message
Danielle Foré (danrabbit) wrote :

Alright so we have it in the daily and we've posted about it to the dev community. The only bugs filed are minor or cosmetic so I'm gonna go ahead and mark this as fixed and we can catch any issues during beta

Changed in switchboard-plug-security-privacy:
milestone: none → isis-beta1
status: In Progress → Fix Committed
Danielle Foré (danrabbit)
Changed in switchboard-plug-security-privacy:
milestone: isis-beta2 → none
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.