Loading...
 

How to install Dynamic Firewall on ClearOS

The dynamic firewall app allows an administrator to generate and implement very specific, time-based, firewall rules triggered off events.


For example, rather than opening up ports for SSH, OpenVPN or the Syncthing admin panel to the entire Internet, the Dynamic Firewall app can be configured to open these ports after a user authenticates via the ClearOS admin panel (ideally, using two-factor) from the source IP of the user logging on.

In short, this app allows you to reduce your network's exposure while still providing essential services to remote users.

Install

From the Marketplace

Install from web interface (in the Network section), like all the other apps: Dynamic Firewall app for ClearOS

Manually

yum install app-firewall-dynamic

How to access

In the ClearOS admin panel, navigate to "Network -> Firewall -> Firewall Dynamic".

Protected apps

  • SSH
  • OpenVPN
  • Syncthing (per user)

On roadmap

  • phpMyAdmin
  • Openfire admin panel
  • Kimchi admin panel (8001)

Later

  • Tiki, presumably via generic port 80 / 81 protection like htpasswd
  • Elasticsearch : Adminer is protected via Webconfig?
  • Kibana? not sure if needed yet (will everything go via Tiki? I guess standalone protection makes sense)
  • FusionPBX
  • Kimchi virtual machines
  • Piwik (We will try to get Piwik installed via Tiki, and thus protected by Tiki)

Show php error messages