Feature #7803

symbiosis-firewall reflecting changes made directly to iptables

Added by Anonymous almost 5 years ago. Updated about 4 years ago.

Status:NewStart date:2014-11-14
Priority:LowDue date:
Assignee:-% Done:

0%

Category:-
Target version:stretch

Description

Another wishlist item:

Symbiosis-firewall should be able to read the current state of iptables and ip6tables and update the representation of the firewall in /etc/symbiosis/firewall.d/ accordingly, as well as being able to update the firewall based on the contents of that same folder.

This would, I think, work best if the part of the system that provides blacklisting functionality was split out from the part that represents the state of the firewall on the system. It would also let us play nicely with fail2ban, something that some users would thank us for (and which would let us rely on a well established tool that has a surrounding community and ecosystem).

History

#1 Updated by John Hackett almost 5 years ago

Oops, that was by me, and I wasn't logged in.

#2 Updated by Patrick Cherry over 4 years ago

  • Target version set to jessie

#3 Updated by Patrick Cherry about 4 years ago

  • Target version changed from jessie to stretch

Also available in: Atom PDF