[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

print ports opened in the firewall.

For me todo later if accepted.

on the respective /usr/bin/whonix-TYPE-firewall

print_ports(){
  printf '%s\n' "INTERNAL_OPEN_PORTS=\"${INTERNAL_OPEN_PORTS[@]}\""
  printf '%s\n' "EXTERNAL_OPEN_PORTS=\"${EXTERNAL_OPEN_PORTS[@]}\""
}


end() {
   output_cmd "OK: Whonix firewall loaded."
   print_ports
   exit 0
}

Good? Can be default? I think it is very useful.

1 Like

Generally I am open the the idea. Seems useful.

/usr/bin/whonix-TYPE-firewall --ports

Or --info instead?

Worried user questions which will be caused by this if too verbose by default:

  • Is it normal that INTERNAL_OPEN_PORTS xx is open?
  • Is my connection broken because there are no EXTERNAL_OPEN_PORTS, should I add some?

Output of Whonix firewall is also integrated in sdwdate-log-viewer because of ⚓ T533 iptables block network access until sdwdate succeeded and that would be confusing.

yes.

got it

on my todo

1 Like

Can you point where are INTERNAL_OPEN_PORTS being opened in whonix-workstation-firewall, I didn’t find it.

1 Like

You sure?

   if [ "$firewall_mode" = "timesync-fail-closed" ]; then
                  local socks_port_item
                  for socks_port_item in $INTERNAL_OPEN_PORTS; do
            

It is only called if firewall_mode=timesync-fail-closed

1 Like

and it is rejecting

1 Like

Added some comments inline on github.

1 Like

My mistake. Now understand your question.

Nowhere. It’s not needed. If it’s not rejected, it’s permitted by default.

There isn’t “much” filtering in the output chain (function ipv4_output) when firewall_mode=full.

The whole ipv4_output function looks overly lengthy and complicated due to timesync-fail-closed firewall mode and TUNNEL_FIREWALL_ENABLE mode. For a different topics,

1 Like

This was merged.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]