CLIP OS system administrators (the admin user) should be able to change a subset of firewall setting for each cage. The main features are per cage incoming and outgoing port filtering.
[ ] System daemon for network namespace and firewall management:
[ ] Network namespace setup (ipsec0, etc.)
[ ] nftable rules loading in each network namespace
[ ] Dynamic firewall support with template based rulesets:
[ ] Templates for each cage stored in RO Core
[ ] Variables for each cage store in RW State
As we do not have a Python interpreter in the Core, we can not use or improve firewalld for such a feature and must thus develop our own solution.
CLIP OS system administrators (the
adminuser) should be able to change a subset of firewall setting for each cage. The main features are per cage incoming and outgoing port filtering.[ ] System daemon for network namespace and firewall management:
[ ] Dynamic firewall support with template based rulesets:
As we do not have a Python interpreter in the Core, we can not use or improve firewalld for such a feature and must thus develop our own solution.