For example, rather than opening up ports for SSH, OpenVPN or the Syncthing admin panel to the entire Internet, the Dynamic Firewall app can be configured to open these ports after a user authenticates via the ClearOS admin panel (ideally, using two-factor) from the source IP of the user logging on.
Install from web interface (in the Network section), like all the other apps: Dynamic Firewall app for ClearOS
yum install app-firewall-dynamic
In the ClearOS admin panel, navigate to "Network -> Firewall -> Firewall Dynamic".
- Syncthing (per user)
- Openfire admin panel
- Kimchi admin panel (8001)
- Tiki, presumably via generic port 80 / 81 protection like htpasswd
- Elasticsearch : Adminer is protected via Webconfig?
- Kibana? not sure if needed yet (will everything go via Tiki? I guess standalone protection makes sense)
- Kimchi virtual machines
- Piwik (We will try to get Piwik installed via Tiki, and thus protected by Tiki)