Firewall portion of plug should use FirewallD instead of ufw
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Switchboard Security & Privacy Plug | In Progress | Undecided | Corentin Noël | |
Bug Description
This plug currently requires ufw and executes ufw commands through pkexec to apply rules.
However, a better approach would be to use FirewallD[1] and communicate with it via D-Bus. This also has the advantage of making it less brittle as communication via D-Bus is easier to manage than pkexec calls and allows for more granular privilege control (reducing the need to escalate privileges to merely when you need to write new rules).
FirewallD also supports a service-oriented model for managing firewall rules. For example, if you're controlling via the CLI, to close the SSH port, you can just do "firewall-cmd --remove-
You can, of course, still specify ports and stuff. Via the CLI, it's merely "firewall-cmd --(add|
It also has a concept of zones, so you can expose that if you'd like as well.
Everything about FirewallD is available via D-Bus, and all the tools currently written use D-Bus to communicate with it.
FirewallD is available as "firewalld" in Ubuntu.
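The D-Bus approach the report describes, shown in Vala (the plug's language) as an added example; it is not the code from the linked branch. The bus name, object path and method names are firewalld's D-Bus API; the interface names, the command-line arguments and the `ssh` default are choices made for this example.

```vala
// Added example: talk to firewalld over the system bus instead of running a pkexec helper.
// Build: valac --pkg gio-2.0 firewalld-example.vala   (file name is arbitrary)
// Usage: firewalld-example [service] [allow|block]
const string FW_BUS = "org.fedoraproject.FirewallD1";
const string FW_PATH = "/org/fedoraproject/FirewallD1";

[DBus (name = "org.fedoraproject.FirewallD1")]
interface FirewallD : Object {
    [DBus (name = "getDefaultZone")]
    public abstract string get_default_zone () throws Error;
}

[DBus (name = "org.fedoraproject.FirewallD1.zone")]
interface FirewallDZone : Object {
    [DBus (name = "queryService")]
    public abstract bool query_service (string zone, string service) throws Error;
    [DBus (name = "addService")]
    public abstract string add_service (string zone, string service, int timeout) throws Error;
    [DBus (name = "removeService")]
    public abstract string remove_service (string zone, string service) throws Error;
}

int main (string[] args) {
    // "ssh" is an assumed default for this example.
    string service = args.length > 1 ? args[1] : "ssh";
    string action = args.length > 2 ? args[2] : "";
    try {
        FirewallD fw = Bus.get_proxy_sync (BusType.SYSTEM, FW_BUS, FW_PATH);
        FirewallDZone zones = Bus.get_proxy_sync (BusType.SYSTEM, FW_BUS, FW_PATH);

        // Read-only queries: the part the report expects to need no escalation.
        string zone = fw.get_default_zone ();
        bool allowed = zones.query_service (zone, service);
        print ("%s in zone %s: %s\n", service, zone, allowed ? "allowed" : "blocked");

        // Writes: the daemon authorizes the caller itself, so this process never runs as root.
        // Both calls change the runtime configuration only; timeout 0 means no expiry.
        if (action == "allow" && !allowed) {
            zones.add_service (zone, service, 0);
        } else if (action == "block" && allowed) {
            zones.remove_service (zone, service);
        }
        return 0;
    } catch (Error e) {
        // Daemon not running, unknown service or authorization denied all arrive here.
        stderr.printf ("firewalld request failed: %s\n", e.message);
        return 1;
    }
}
```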
Related branches
- Danielle Foré: Needs Fixing
Diff: 805 lines (+199/-491), 8 files modified
CMakeLists.txt (+0/-4)
data/org.pantheon.security-privacy.policy.cmake (+0/-20)
data/security-privacy-plug-helper (+0/-24)
src/CMakeLists.txt (+1/-1)
src/FirewallPanel.vala (+149/-209)
src/Firewalld.vala (+49/-0)
src/Plug.vala (+0/-35)
src/UFWHelpers.vala (+0/-198)
description: updated
Changed in switchboard-plug-security-privacy:
status: New → Confirmed
Changed in switchboard-plug-security-privacy:
assignee: nobody → Corentin Noël (tintou)
status: Confirmed → In Progress
tags: added: cross-distro