Cockpit: How to track access to services by zone

In the new server-manager (cockpit) we can change access to services by creating firewall rules, but was wondering where can we see if a service is accessible from green/red/blue/orange network zone (or the default access of each service).

Through the details view on the Services section some services show the access as empty (-) and others show the zone (green, red…).

That is the right place to search. If a service has empty access, it means it’s not accessible from the network.

And for applications (roundcube, nextcloud, apps with auto-generated links…), access to them can be controlled by any means other than dbprops and firewall rules for related services (httpd…)?

Nothing changed on that side.
To limit access to web applications, you need a specific configuration inside the httpd template.
Some applications has already a prop to do it, but most of the them don’t have such configuration.

If we want to change such options from the UI, we need to create a specific app for it.