provide firewall (e.g. ufw) tools

[mario-fink]

The need for ufw/firewall may be negligible since:

1. ReswarmOS does not have any open ports by default except:
   • ssh on port 22, which only accepts public key logins (=> move ssh to non-standard port may further decrease vulnerability)
   • systemd-resolved.service on port 53 for Network Name Resolution
2. Docker apps only may add to vulnerability by creating any open endpoints. That may require the user to manage these by e.g. ufw. This, however, raises the question of how the user is expected to manage ufw/firewall:
   • just connect via ssh and manage it (requires access to local network)
   • offer Reswarm frontend firewall management panel

[markope]

actually we do have a (deactivated) frontend for ufw .

The main use case I have in mind is for users with network privileges to restrict outbound traffic. So a company like Conti could make sure, that apps can send data only to whitelisted IP addresses. Users with the NETWORK privilege on devices can now ensure this and developers could not override it.

[mario-fink]

okay, if you want to reactivate that frontend we can simply add the tool to ReswarmOS... however it'll probably be included in the new "full"/heavy-weight image version anyway...

[markope]

not now, this is a feature. Just wanted to motivate it.