Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Try to design a check for misuage of "yunohost firewall allow" #79

Open
alexAubin opened this issue Mar 31, 2020 · 2 comments
Open

Try to design a check for misuage of "yunohost firewall allow" #79

alexAubin opened this issue Mar 31, 2020 · 2 comments

Comments

@alexAubin
Copy link
Member

Many apps do use this because they think "oh, that service I installed uses a port ... I should allow it in the firewall" whereas it's only for internal use ... Which is in fact a security issue (maybe not if being a NAT, but it is for a VPS)

Maybe use the --need-exposed-port of 3.8 ... Or maybe check for proxy_pass in the nginx conf ...
@alexAubin
Copy link
Member Author

I believe it's done

@tituspijean
Copy link
Contributor

Reopening this, since I have just seen the following warning in Jellyfin:

! Some message is talking about 'Configuring firewall' but there's no mention of 'yunohost firewall allow' ... If you're only finding an available port for internal reverse proxy, this has nothing to do with 'Configuring the firewall', so the message should be changed to avoid confusion...

In the use case of Jellyfin, we need to have port 1900 opened on the server for auto-discovery of the service on the local network, but not opened on the router to the Internet. Somewhat related to YunoHost/issues#2030

@tituspijean tituspijean reopened this Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexAubin @tituspijean