Collaborative firewall on Turris OS 4.x.x

Hello. I have an Omnia 2019 with Turris OS 4.0.1 hbs. I read on this forum that data collection and the honeypot are not yet integrated into Foris, but it is still possible to install the corresponding package groups. Is there a guide, or could you help me configure a Turris OS 3.x.x-like distributed and collaborative firewall, even from the command line? Thanks.

Enabling the data collection package list installs the dynamic firewall, which is automatically enabled.

To participate in data collection you have to install some of the sentinel collectors, such as sentinel-nikola for firewall logs, sentinel-minipots for the telnet minipot or turris-survey for router usage statistics. Please note that by doing so you agree to our EULA.

Thank you so much for your answer. I really appreciate the team’s availability. Could you provide me with a link to more detailed instructions for enabling the firewall and HaaS? On 3.11.8 I had everything enabled and I had accepted your EULA. Can you give me some steps to follow? I’m a dirty noob.

If you are a “dirty noob” then just wait for official support. That is going to save you a lot of pain.

In general there are still blockers, which is why we are not doing a wide deployment. Foris integration is not yet done, and the internal security audit for some components (like minipots) is not done.

I suggest you activate the data collection package list in Foris (in the updater tab). That is going to install the dynamic firewall.

For HaaS, you can enable it in the package list and then you have to configure it. Then navigate to https://haas.nic.cz and in your account add a new device or display the token for the original addition. You have to paste this token into /etc/config/haas. The file is documented, so you should have no problem with this.

Ok. Thank you so much. I will activate those packages in Foris and connect the router to HaaS by taking the token from the configuration file. Will Ludus also be brought to OS 4?

Ludus is not directly maintained by us, and support for the 4.0+ release depends on the original authors. I can’t speak for them.

Ok I understand. Thanks.