Turris firewall rules

I didn't get any reply in the thread TO and err turris-firewall-rules.

Today I accidentally came across https://github.com/CZ-NIC/fw-rules. Is it safe to install this on Omnia as well? I am not gathering or uploading any of my network data (nikola, registration code, etc.), but I think I should be able to use custom rules provided by NIC?

Is it safe to install

root@Doma:~# opkg list | grep turris-firewall
turris-firewall-rules - 63-1 - turris-firewall-rules

? My idea is just to make the additional option path ‘/usr/share/firewall/turris’ work, but I am a little worried, as this seems to have originated on Turris 1.0 and been enabled in Omnia’s /etc/config/firewall by mistake (described in the original post, TO and err turris-firewall-rules).

And a firewall isn't something on which I would like to test undocumented functionality.

1 Like

And now, on TOS 3.9.6, there are apparently no more of them?

root@Doma:~# opkg list | grep firewall
firewall - 2017-05-18
luci-app-firewall - git-17.212.24321-49c3edd-1
luci-i18n-firewall-cs - git-17.212.24321-49c3edd-1
luci-i18n-firewall-en - git-17.212.24321-49c3edd-1

root@Doma:~# opkg list | grep turris
turris-diagnostics - 9-1
turris-version - 3.9.6

root@Doma:~# opkg list | grep rules
root@Doma:~#

Hi,

If you register your router and enable Data collection, the package turris-firewall-rules is automatically installed. This package allows you to benefit from dynamic firewall rules (IP blacklists etc.) which we generate on our servers.

I have this package on both Turris 1.1 and Omnia routers and it includes the script /usr/share/firewall/turris you mention in the other topic.

I understand that the information about dynamic firewall rules is confusing. Please be a bit patient, as we are currently rewriting and refactoring the dynamic firewall services (both server-side and client-side). The process would be more transparent and documented, and you would be able to take advantage of our dynamic rules even on devices other than Turris routers.

V.

2 Likes

If I understand the log correctly, it is not downloading the firewall rules. I tried searching the forum and did not find that this occurs widely. For me it has been happening for a while, since December; it is not a daily occurrence, but today, for example, it is in the log 9 times since yesterday.

2019-01-25 01:02:08 err turris-firewall-rules[]: (v63) Failed to download https://api.turris.cz/firewall/turris-ipsets.gz.sign

and the log in context … please comment, I have no idea whether it is a server problem or one on my side

2019-01-24 18:00:02 err server_uplink[]: Failed to download contract status
2019-01-24 18:00:03 info nikola[]: (v43) recognized WAN interfaces: eth1, lo
2019-01-24 18:00:14 info nikola[]: (v43) Establishing connection took 0.576189 seconds
2019-01-24 18:00:14 info nikola[]: (v43) Logrotate took 0.004958 seconds
2019-01-24 18:00:14 info nikola[]: (v43) Syslog parsing took 0.075673 seconds
2019-01-24 18:00:15 err turris-firewall-rules[]: (v63) Failed to download https://api.turris.cz/firewall/turris-ipsets.gz.sign
2019-01-24 18:00:15 info nikola[]: (v43) Session init took 0.613119 seconds
2019-01-24 18:00:15 info nikola[]: (v43) Records parsed: 82
2019-01-24 18:00:15 info nikola[]: (v43) Records after filtering: 68
2019-01-24 18:00:15 info nikola[]: (v43) Records filtering took 0.012317 seconds
2019-01-24 18:00:15 info nikola[]: (v43) {'msg': 'Data were inserted into work queue.'}
2019-01-24 18:00:15 info nikola[]: (v43) Sending records took 0.071029 seconds
2019-01-24 18:00:18 err server_uplink[]: Failed to get registration code
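
Added example (not part of the original posts and not Turris code): a shell/awk function that tallies the `turris-firewall-rules` download failures per day from log lines in the format quoted above, and counts how many of them share a minute with an `err` line from another component. The function name and the same-minute bucketing are assumptions made for this illustration; the sample lines are copied from the log in the post.

```shell
#!/bin/sh
# Sample input: lines copied from the log quoted in the post above.
SAMPLE_LOG='2019-01-24 18:00:02 err server_uplink[]: Failed to download contract status
2019-01-24 18:00:14 info nikola[]: (v43) Establishing connection took 0.576189 seconds
2019-01-24 18:00:15 err turris-firewall-rules[]: (v63) Failed to download https://api.turris.cz/firewall/turris-ipsets.gz.sign
2019-01-24 18:00:18 err server_uplink[]: Failed to get registration code
2019-01-25 01:02:08 err turris-firewall-rules[]: (v63) Failed to download https://api.turris.cz/firewall/turris-ipsets.gz.sign'

# Hypothetical helper: reads log lines on stdin and prints, per day,
#   <date> failures=<n> with_other_errors=<m>
# n = "Failed to download" errors logged by turris-firewall-rules
# m = those failures that fall in the same minute as an err line
#     from any other component (a data point, not a diagnosis)
summarize_fw_rule_failures() {
    awk '
    $3 == "err" {
        minute = $1 " " substr($2, 1, 5)      # date + HH:MM bucket
        comp = $4
        sub(/\[.*/, "", comp)                 # "name[]:" -> "name"
        if (comp == "turris-firewall-rules" && $0 ~ /Failed to download/) {
            n++
            fday[n] = $1
            fmin[n] = minute
        } else {
            other[minute] = 1                 # some other component erred
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            if (!(fday[i] in count)) days[++d] = fday[i]
            count[fday[i]]++
            if (fmin[i] in other) co[fday[i]]++
        }
        for (j = 1; j <= d; j++)
            printf "%s failures=%d with_other_errors=%d\n",
                   days[j], count[days[j]], co[days[j]] + 0
    }'
}

# Run on the embedded sample; pipe a real log into the function instead.
printf '%s\n' "$SAMPLE_LOG" | summarize_fw_rule_failures
```

A day where every failure coincides with errors from other components points away from the firewall-rules updater alone; a day with isolated failures does not.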

I still don't even see the turris-firewall-rules package :slight_smile:

root@Doma:~ opkg list | grep turris
turris-diagnostics - 9.1-1
turris-maintain - 2
turris-version - 3.10.8
root@Doma:~ cat /etc/turris-version
3.10.8

root@turris:~# opkg list | grep turris-firewall-rules
turris-firewall-rules - 63-1
root@turris:~# cat /etc/turris-version 
3.11.2

Both Omnia and Turris 1.x show me the same thing. I don't know whether it could be due to the old version you have…

1 Like

On mine, the version is

root@Omnia:~# opkg list | grep turris-firewall-rules
turris-firewall-rules - 63-1 - turris-firewall-rules
turris-firewall-rules-tests - 63-1 - This package is used to test firewall rules.
root@Omnia:~# cat /etc/turris-version
3.11.2
root@Omnia:~#