MOX Default Firewall Settings

The firewall with default settings seems very open, with most connections being accepted.

I looked at the iptables rules on the MOX as well using ssh, and it appeared the same. Is this normal?

Did you enable data collection?

https://doc.turris.cz/doc/en/howto/collect

The version of Foris on MOX does not appear to have all of the same options as that referenced in the docs if that box is checked.

Does this affect the firewall rules if selected?

I didn't get my MOX yet, but I think on my Omnia this is the case. On the first screenshot in the linked document you can see that ucollect emulates open services to WAN, which requires some firewall rules…

I see, the Foris version running on the MOX that I have (currently modules A and E) does not show the Data Collection tab at all.

This is with the ucollect packages and such installed from the Updater tab.

Maybe it's still a work in progress for MOX.

Is there an update? @Pepe @n8v8r

I'm afraid I'm not a developer or with the TO team, nor do I have access to a MOX.

Reading the thread though it seems to be scarce of vital information of what the exact nature of the concern is.

is rather wide open to interpretation, imho
What exactly is open and what are most connections being accepted?

uCollect is gone as of TOS4.x and instead Pakon is being utilized, which I am not familiar with, nor do I know whether it is even in the MOX repo or whether it impacts the firewall rules. But unless there is more specific info forthcoming this would seem to be a rather secondary consideration.

This thread can be closed, thanks.

I don't think this should be closed. Data collection isn't in MOX but Pakon is, but the default settings are no settings lol. I can't figure out how distributed adaptive firewall is working in MOX. There has been no update to Data Collection - doc.turris.cz/doc/en/howto/collect

Looking at the LuCI firewall, these are also wide open as default. I assume this is because normal config can't be done in Foris, or LuCI for that matter; CLI, SSH, SFTP etc. must be used (which is disappointing). For example, to set up as a WiFi repeater, configure a VPN client, DNS etc.

It is very confusing as there is no documentation and LuCI seems to be far behind the standard OpenWRT LuCI.

Same here… activated the data collection, but after install no menu in Foris pops up. Also tried the Honeypot, same result.
MOX classic

Data collection hasn’t worked on Turris MOX yet.
Only FW logs sending …

But can you see that in the syslog? Or in Foris? It is def not the same as with my Omnia.
Also the Omnia does send, but no data at project.turris.cz