linuxmint / warpinator

Share files across the LAN
GNU General Public License v3.0

UFW application profile #35

Open saraaba opened 4 years ago

saraaba commented 4 years ago

Needs an UFW application profile to put into /etc/ufw/applications.d/...

For example /etc/ufw/applications.d/warpinator

[Warpinator]
title=Warpinator
description=Sends and receives files over the network
ports=42000/tcp

Then we can allow through the firewall simply by specifying the application name "Warpinator", for example:

sudo ufw allow Warpinator

It would also show up in the app list as follows:

sudo ufw app list

And info such as:

sudo ufw app info Warpinator

mtwebster commented 4 years ago

I thought about this, but I wanted to allow the flexibility of changing ports (42000 was just an arbitrarily chosen number), which was why we made it easy to make the change: Warpinator will remove any old rule and replace it with the new one. It's both tcp and udp, btw. I probably need to clarify that in the preferences.

saraaba commented 4 years ago

Will it be disabled by default and not advertising on zeroconf?

saraaba commented 4 years ago

https://www.iana.org/form/ports-services

Considered registering the port?

mtwebster commented 4 years ago

Warpinator doesn't autostart by default (and ufw is disabled as well).

I noted that I could register something when I was looking up valid 'free' port ranges, but I really don't think we need that rigidity here.

I also suspect aspects of discovery and connection here are going to change sooner or later - I'm not a fan of zeroconf from working with it for this project. I want to leave our options open for now.

saraaba commented 4 years ago

Well, discovery needs to listen for broadcasts on UDP. If it's not via the zeroconf UDP listener then it's via a custom listener, and zeroconf is not going away any time soon. And if it's your own custom UDP listener then it will require punching yet another hole in the firewall, and then you also have to mitigate against risks as the zeroconf listener has to. At least via zeroconf we have one point to monitor and one service to manage. It will also enable ports of Warpinator across platforms to use the same protobuf and discovery for transferring agnostically, as they will have zeroconf also.

Roblesolido commented 3 years ago

This works for me.

[Warpinator]
title=Warpinator
description=Sends and receives files over the network
ports=42000/tcp|42000/udp
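
An added example, not code from this thread or from the Warpinator project: a Python check that expands the `ports=` field of a ufw application profile and reports which port/protocol pairs the application needs but the profile leaves closed, run here on the two profiles posted above. The function names are hypothetical, and the `ports=` syntax handled (`|`-separated entries, comma lists and `start:end` ranges that require a protocol, a bare port meaning both tcp and udp) follows the ufw man page.

```python
import configparser

# Constructed sample input: the two profiles posted in this thread.
TCP_ONLY = """[Warpinator]
title=Warpinator
description=Sends and receives files over the network
ports=42000/tcp
"""
TCP_UDP = TCP_ONLY.replace("42000/tcp", "42000/tcp|42000/udp")


def expand_ports(spec):
    """Expand a ufw 'ports=' value into a set of (port, proto) pairs."""
    opened = set()
    for entry in spec.split("|"):
        ports, _, proto = entry.strip().partition("/")
        multi = "," in ports or ":" in ports
        # A list or range must name its protocol; only tcp/udp are handled here.
        if proto not in ("", "tcp", "udp") or (multi and not proto):
            raise ValueError(f"bad ports entry: {entry!r}")
        protos = [proto] if proto else ["tcp", "udp"]  # bare port = both
        for item in ports.split(","):
            lo, _, hi = item.partition(":")
            lo, hi = int(lo), int(hi or lo)
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"bad port range: {item!r}")
            opened.update((p, pr) for p in range(lo, hi + 1) for pr in protos)
    return opened


def missing_rules(profile_text, app, needed):
    """Return the (port, proto) pairs in 'needed' that the profile leaves closed."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(profile_text)
    for key in ("title", "description", "ports"):  # the profile's three fields
        if not cfg[app].get(key):
            raise ValueError(f"profile [{app}] lacks {key}=")
    return sorted(set(needed) - expand_ports(cfg[app]["ports"]))


# Per the maintainer's comment above, the port is used over both tcp and udp.
NEEDED = {(42000, "tcp"), (42000, "udp")}

if __name__ == "__main__":
    print("tcp-only profile misses:", missing_rules(TCP_ONLY, "Warpinator", NEEDED))
    print("tcp|udp profile misses: ", missing_rules(TCP_UDP, "Warpinator", NEEDED))
```

If the port is changed in Warpinator's preferences, `NEEDED` and the installed profile both have to follow it, which is the rigidity mtwebster describes.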