Bug 11570

Summary: make access from blue network to WebUI configurable
Product: IPFire Reporter: Peter Müller <peter.mueller>
Component: ---Assignee: Alexander Marx <alexander.marx>
Status: ASSIGNED --- QA Contact:
Severity: Balancing    
Priority: Will affect an average number of users CC: michael.tremer
Version: 2Keywords: NewFeature, Security
Hardware: all   
OS: All   
Bug Depends on:    
Bug Blocks: 12278    

Description Peter Müller 2017-12-20 14:53:32 UTC 
Access from BLUE to the firewall's WebUI is currently permitted by default, which might be unwanted int certain scenarios.

I think we should introduce a button somewhere (firewall options?) to disable that easily, so users will not need to add firewall rules for that.

In my point of view, it might be a good idea to change the default settings here, but that needs to be discussed first.
Comment 1 Michael Tremer 2018-05-03 12:02:45 UTC 
We certainly need to allow access for port 81 (update accelerator, password change for proxy users, etc.).

It is not possible at all to disabled access to the WebUI from GREEN (not even with creating custom firewall rules).

I am okay with this change going ahead. I am not sure what the default should be. It would probably still be possible to access the WebUI from BLUE by using the GREEN IP address. That should be blocked then, too.