
[QA] suggested firewall rules are not actionable

Open jnweiger opened this issue 4 years ago • 3 comments

WHAT Needs to be Documented?

More details about the firewall suggestions for our appliance.

  • 5.9.68.237 is the ip-addr of marketplace.owncloud.com
  • 176.9.114.147 is the ip-addr of both docker.software-univention.de and software-univention.de

WHERE Does This Need To Be Documented (Link)?

https://github.com/owncloud/docs/blob/master/modules/admin_manual/pages/appliance/configuration/firewall.adoc

WHY Should This Change Be Made?

No admin should ever add an unexplained IP-Address to his firewall. Each hostname or IP address should have a reason. Rules without port numbers are unspecific. We need to explain at least the ip-addresses. (The dns names could be considered more or less self-explanatory and admins could guess that port 443 is sufficient.)

(Optional) What Type Of Content Change Is This?

  • [x] Bug Fix to Existing Content

(Optional) Which Manual Does This Relate To?

  • [x] Admin Manual

jnweiger, Jun 23 '21 12:06

Keep in mind this could change at any time (and need to be updated in the docs) so hard-coded IPs might be a bad idea. Maybe document how to get the current IP? Or just mention how e.g. iptables works. If you add an allow rule with a domain name, iptables will resolve it automatically and add the currently used IP to the rule set (but does NOT auto-update DNS changes, of course).

xoxys, Jun 24 '21 12:06
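The two concerns raised so far (unexplained, port-less IP rules, and pinned IPs going stale when DNS changes) can be checked together; the following is an added example, not code from this thread or from the ownCloud docs. The function names, the `OUTPUT` chain and port 443 are assumptions; the hostnames and IPs are the ones listed in the issue.

```python
import socket

# IPs exactly as listed in the issue; port 443 is the issue's guess, not a documented fact.
PINNED = {
    "marketplace.owncloud.com": {"5.9.68.237"},
    "docker.software-univention.de": {"176.9.114.147"},
    "software-univention.de": {"176.9.114.147"},
}
HTTPS_PORT = 443


def resolve_ipv4(host):
    """Return the IPv4 addresses DNS currently gives for host."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def find_drift(pinned, resolver=resolve_ipv4):
    """Return {host: (stale, missing)} for hosts whose DNS answer differs."""
    # stale: pinned but no longer in DNS; missing: in DNS but not allowed.
    drift = {}
    for host, pinned_ips in pinned.items():
        try:
            current = resolver(host)
        except OSError:  # unresolvable: treat as empty answer so it is flagged
            current = set()
        stale, missing = pinned_ips - current, current - pinned_ips
        if stale or missing:
            drift[host] = (stale, missing)
    return drift


def render_rules(pinned, port=HTTPS_PORT):
    """One port-specific rule per IP, commented with the hostnames behind it."""
    by_ip = {}
    for host, ips in pinned.items():
        for ip in ips:
            by_ip.setdefault(ip, []).append(host)
    return [
        f'iptables -A OUTPUT -p tcp -d {ip} --dport {port} '
        f'-m comment --comment "{",".join(sorted(hosts))}" -j ACCEPT'
        for ip, hosts in sorted(by_ip.items())
    ]


if __name__ == "__main__":
    for host, (stale, missing) in find_drift(PINNED).items():
        print(f"{host}: stale={sorted(stale)} missing={sorted(missing)}")
    print("\n".join(render_rules(PINNED)))
```

Run periodically, a non-empty drift report means the pinned rules and the documentation both need updating.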

I will find a way to address both views.

mmattel, Jun 24 '21 17:06

https://github.com/owncloud/firewall/issues/694 ([QA] De-Morgan's law is confusing)

mmattel, Jul 07 '21 13:07