= Add Firewall Services to eBox (DEPRECATED since version 0.9.100) =

Some people wish to configure the firewall to allow traffic to other servers installed alongside eBox.

However, there is no easy way to achieve this. The only option available is the 'hard' way, which involves changing eBox's firewall code by hand. Until the firewall features are improved, we need a temporary solution.

This solution involves adding more services to the firewall. We can then allow or deny access to those services (as is done for SSH) on a global basis or on a per-object basis.

However, please remember that currently these services cannot be accessed through an external interface. Thus you can only provide them via internal network interfaces.

In order to add a new service to the eBox firewall, you can use this Perl script.

The usage is as follows:

add-service-to-firewall NAME PROTOCOL PORT

For instance, if you had just installed another web server alongside eBox, you could add the httpd service as follows:

add-service-to-firewall httpd tcp 80

Then you can allow internal connections to the service. To do so, follow these steps:

  1. In the left menu, click on Firewall and then on Packet filter.
  2. Go to Configure default rules (you can also configure rules on a per-object basis).
  3. In the Services section, set the policy for the service (httpd in the previous example) to allow and click on Add.
  4. Don't forget to save the changes (upper right button).