Activity log for bug #1624907

Date Who What changed Old value New value Message
2016-09-18 17:55:30 ovdeathiam bug added bug
2016-09-18 17:55:30 ovdeathiam attachment added Firewall plug https://bugs.launchpad.net/bugs/1624907/+attachment/4743230/+files/firewall.png
2016-09-18 17:58:15 ovdeathiam description

Old value:

The firewall works as a frontend for ufw but it is not able to show many of ufw's configurations properly. The attached screenshot is from my firewall window and here is the same ufw configuration from the cli:

     To                  Action      From
     --                  ------      ----
[ 1] 22                  ALLOW IN    Anywhere
[ 2] 5900                ALLOW IN    Anywhere
[ 3] 9091                ALLOW IN    Anywhere
[ 4] Anywhere            DENY IN     146.66.156.0/23
[ 5] Anywhere            DENY IN     185.25.180.0/23
[ 6] Anywhere            DENY IN     155.133.240.0/22
[ 7] 146.66.156.0/23     DENY OUT    Anywhere (out)
[ 8] 185.25.180.0/23     DENY OUT    Anywhere (out)
[ 9] 155.133.240.0/22    DENY OUT    Anywhere (out)

Functionality missing compared to ufw:
* setting rules for entire subnets
* setting rule direction (outbound or inbound)
* commenting on rules
* adding rules at a specific place on the list since rule order does matter in firewalls

Why this is all important on simple setups:
* We can't restrict ssh to allow only LAN connections
* We can't block malicious subnets
* Rule order is important on firewalls and the only way to change the first rule on a 9-rule firewall via the GUI is currently to remove all rules and re-add them in the correct order.

Additional thoughts:
* Adding a single rule always creates two rules (ipv4, ipv6) which is confusing at first
* distinguishing between ipv4 and ipv6 is a blue checkbox which is misleading because at first everyone I've asked thought that these were rule on/off switches.

New value:

The firewall works as a frontend for ufw but it is not able to show many of ufw's configurations properly.

The attached screenshot is from my firewall window and here is the same ufw configuration from the cli:

     To                  Action      From
     --                  ------      ----
[ 1] 22                  ALLOW IN    Anywhere
[ 2] 5900                ALLOW IN    Anywhere
[ 3] 9091                ALLOW IN    Anywhere
[ 4] Anywhere            DENY IN     146.66.156.0/23
[ 5] Anywhere            DENY IN     185.25.180.0/23
[ 6] Anywhere            DENY IN     155.133.240.0/22
[ 7] 146.66.156.0/23     DENY OUT    Anywhere (out)
[ 8] 185.25.180.0/23     DENY OUT    Anywhere (out)
[ 9] 155.133.240.0/22    DENY OUT    Anywhere (out)

Functionality missing compared to ufw:
* setting rules for entire subnets
* setting rule direction (outbound or inbound)
* commenting on rules
* adding rules at a specific place on the list since rule order does matter in firewalls

Why this is all important on simple setups:
* We can't restrict ssh to allow only LAN connections
* We can't block malicious subnets
* Rule order is important on firewalls and the only way to change the first rule on a 9-rule firewall via the GUI is currently to remove all rules and re-add them in the correct order.

Additional thoughts:
* Adding a single rule always creates two rules (ipv4, ipv6) which is confusing at first
* distinguishing between ipv4 and ipv6 is a blue checkbox which is misleading because at first everyone I've asked thought that these were rule on/off switches
* privacy plug's sudo authorisation times out pretty fast which is very annoying when configuring the firewall

2016-09-18 18:08:20 ovdeathiam description

Old value:

The firewall works as a frontend for ufw but it is not able to show many of ufw's configurations properly. The attached screenshot is from my firewall window and here is the same ufw configuration from the cli:

     To                  Action      From
     --                  ------      ----
[ 1] 22                  ALLOW IN    Anywhere
[ 2] 5900                ALLOW IN    Anywhere
[ 3] 9091                ALLOW IN    Anywhere
[ 4] Anywhere            DENY IN     146.66.156.0/23
[ 5] Anywhere            DENY IN     185.25.180.0/23
[ 6] Anywhere            DENY IN     155.133.240.0/22
[ 7] 146.66.156.0/23     DENY OUT    Anywhere (out)
[ 8] 185.25.180.0/23     DENY OUT    Anywhere (out)
[ 9] 155.133.240.0/22    DENY OUT    Anywhere (out)

Functionality missing compared to ufw:
* setting rules for entire subnets
* setting rule direction (outbound or inbound)
* commenting on rules
* adding rules at a specific place on the list since rule order does matter in firewalls

Why this is all important on simple setups:
* We can't restrict ssh to allow only LAN connections
* We can't block malicious subnets
* Rule order is important on firewalls and the only way to change the first rule on a 9-rule firewall via the GUI is currently to remove all rules and re-add them in the correct order.

Additional thoughts:
* Adding a single rule always creates two rules (ipv4, ipv6) which is confusing at first
* distinguishing between ipv4 and ipv6 is a blue checkbox which is misleading because at first everyone I've asked thought that these were rule on/off switches
* privacy plug's sudo authorisation times out pretty fast which is very annoying when configuring the firewall

New value:

The firewall works as a frontend for ufw but it is not able to show many of ufw's configurations properly.

The attached screenshot is from my firewall window and here is the same ufw configuration from the cli:

     To                  Action      From
     --                  ------      ----
[ 1] 22                  ALLOW IN    Anywhere
[ 2] 5900                ALLOW IN    Anywhere
[ 3] 9091                ALLOW IN    Anywhere
[ 4] Anywhere            DENY IN     146.66.156.0/23
[ 5] Anywhere            DENY IN     185.25.180.0/23
[ 6] Anywhere            DENY IN     155.133.240.0/22
[ 7] 146.66.156.0/23     DENY OUT    Anywhere (out)
[ 8] 185.25.180.0/23     DENY OUT    Anywhere (out)
[ 9] 155.133.240.0/22    DENY OUT    Anywhere (out)

Functionality missing compared to ufw:
* setting rules for entire subnets
* setting rule direction (outbound or inbound)
* commenting on rules
* adding rules at a specific place on the list since rule order does matter in firewalls

Why this is all important on simple setups:
* We can't restrict ssh to allow only LAN connections
* We can't block malicious subnets
* Rule order is important on firewalls and the only way to change the first rule on a 9-rule firewall via the GUI is currently to remove all rules and re-add them in the correct order.

Additional thoughts:
* Adding a single rule always creates two rules (ipv4, ipv6) which is confusing at first
* distinguishing between ipv4 and ipv6 is a blue checkbox which is misleading because at first everyone I've asked thought that these were rule on/off switches
* privacy plug's sudo authorisation times out pretty fast which is very annoying when configuring the firewall
* denying a re-entry of sudo credentials results in a hung privacy plug window

2017-03-05 18:47:32 David Hewitt branch linked lp:~davidmhewitt/switchboard-plug-security-privacy/fix-1312461-control-rule