Bug 11570 - make access from blue network to WebUI configurable
Summary: make access from blue network to WebUI configurable
Status: ASSIGNED
Alias: None
Product: IPFire
Classification: Unclassified
Component: --- (show other bugs)
Version: 2
Hardware: all All
: Will affect an average number of users Balancing
Assignee: Alexander Marx
QA Contact:
URL:
Keywords: NewFeature, Security
Depends on:
Blocks: FWBUGS
  Show dependency treegraph
 
Reported: 2017-12-20 14:53 UTC by Peter Müller
Modified: 2020-01-22 21:26 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Müller 2017-12-20 14:53:32 UTC 
Access from BLUE to the firewall's WebUI is currently permitted by default, which might be unwanted int certain scenarios.

I think we should introduce a button somewhere (firewall options?) to disable that easily, so users will not need to add firewall rules for that.

In my point of view, it might be a good idea to change the default settings here, but that needs to be discussed first.
Comment 1 Michael Tremer 2018-05-03 12:02:45 UTC 
We certainly need to allow access for port 81 (update accelerator, password change for proxy users, etc.).

It is not possible at all to disabled access to the WebUI from GREEN (not even with creating custom firewall rules).

I am okay with this change going ahead. I am not sure what the default should be. It would probably still be possible to access the WebUI from BLUE by using the GREEN IP address. That should be blocked then, too.