No, it’s not possible. But you are not the first to require this. Maybe we can think about implementing that. For now you can use config setprop <service> access <zones> (e.g. config setprop httpd access green) and then a signal-event for that service like signal-event nethserver-httpd-update
This is under System > Services. By clicking on View you can see details for that service.
Policy routing is under Firewall > WAN in the second half of the page.
It is really a big step backwards. If you have a firewall with IDS, it is ESSENTIAL to be able to see which parts are open to the internet, to be able to close all ports to the internet and open only those you need for your services (i.e. usually port forwarding), otherwise this firewall would be almost useless.
Cockpit should be a better replacement admin interface, but to fit this rule, the user must be able to set the essential and security relevant settings.
In my view it only displays a “Details” link, which I have to click for every service. The old list with an overview of which services are open on which ports and which networks was MUCH better. Could this be improved?
The function is still there but is now explicit: to open a port of a network service, you need to create a rule inside the firewall page.
With the old UI, you had 2 different ways to do the same thing and many users created conflicting rules.
So what is the best approach? I do not have an answer, but since more and more people are asking for something like the old view maybe we can improve it.
Do you still prefer to have 2 different and conflicting ways to do the same thing? Or can we just put a pointer to the firewall application on the service page?
For sure, this is the simple part: expose the network properties inline into the table.
What do you think @edoardo_spadoni?
If the rules had been integrated into the normal rules page and were visible as normal rules, which let red traffic into the nethserver, it would be ok. Currently there are open ports even though nothing points to this fact. It means that there are two possibilities to configure rules, but these create different rule types which are hidden from the general rule page.
A solution would be to convert the service rules into normal rules and display them as normal rules. The rules could be created by default, and the admin can view, enable or disable them like other rules.
Yes and no.
This solution could generate more support cases than needed, if the admin enables, changes or destroys a rule, so this and the previous arrangement are/were quite useful to avoid that.
As seen in several support topics, sometimes more than admins there are wanna-be admins. Maybe I am the first of this list.
Generally speaking, I’d think the firewall rules page should be similar to what I think the virtual hosts page should be (and also isn’t)–all the active rules should be listed there, and ideally should be able to be adjusted there. But for services managed by Neth, we shouldn’t require admins to know port numbers, tcp/udp, etc., nor to manually enter network addresses–the admin should be able to say that, e.g., ejabberd should be available on red/orange/blue/green, and Neth figure out the rest.
I’d think the ideal arrangement would be that this could be specified, in this way, from the firewall rules page (perhaps with an “advanced” option to make more detailed changes to the rules). But, as we’d previously discussed with respect to the virtual hosts issue, that means that one page needs to know about everything that might be installed, what ports it needs, on which protocols, etc. So if it isn’t practical to do it this way, it could link to the relevant settings for whatever modules are installed. But at a minimum, all the applicable rules should at least be visible there.
@giacomo Do you think it’s better to expand Services page or add a new Service Access page under Firewall section? And in this new page show ports and access rules.
If you want to expand actual Services page I can have an idea. If you want to create a new page I can think…
I like this approach. It’s clear and all in one.
The only thing to consider is that it’s maybe only suitable for larger displays.
In NethGUI we have “Services” and “Network Services” page. To merge them simplifies the GUI at all IMO.