Add configuration integration with popular firewall management tools. #12104

Open
Ferroin opened this issue Feb 9, 2022 · 4 comments
Labels
area/packaging Packaging and operating systems support feature request New features

Member

Ferroin commented Feb 9, 2022

Prompted by discussion in #1203, as well as other issues.

Initial implementation should ideally cover UFW and firewalld, as they are the two most popular options.

UFW config would involve a file with the following contents being put in `/etc/ufw/applications.d/`:

```ini
[netdata]
title = "Netdata real-time performance monitoring web server"
description = "Netdata agent Web UI and Streaming https://www.netdata.cloud"
ports = 19999/tcp

[netdata-statsd]
title = "Netdata statsd server for APM metrics"
description = "Netdata statsd server https://learn.netdata.cloud/docs/agent/collectors/statsd.plugin"
ports = 8125/tcp|8125/udp
```

Firewalld config would consist of two files being put in /etc/firewalld/services, one called netdata.xml with the following contents:

```xml
<?xml version="1.0" encoding="utf-8"?>
<service>
    <short>Netdata</short>
    <description>Netdata Agent UI and Streaming</description>
    <!-- firewalld reads the port number from the "port" attribute -->
    <port protocol="tcp" port="19999"/>
</service>
```

And a second one called netdata-statsd.xml with the following contents:

```xml
<?xml version="1.0" encoding="utf-8"?>
<service>
    <short>Netdata StatsD</short>
    <description>Netdata StatsD server</description>
    <!-- firewalld reads the port number from the "port" attribute -->
    <port protocol="tcp" port="8125"/>
    <port protocol="udp" port="8125"/>
</service>
```

We probably want to unconditionally install these when running the regular installer, but should probably not install them when invoking make install, which means they would need to be handled in netdata-installer.sh, packaging/makeself/install-or-update.sh, contrib/debian/rules and netdata.spec.in.

@Ferroin Ferroin added area/packaging Packaging and operating systems support feature request New features labels Feb 9, 2022
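
A packaging-time consistency check for the two sets of definitions proposed above, as an added example that is not part of the issue or of Netdata's code: it parses a UFW application profile and firewalld service files and reports any service name whose two definitions open different ports. The sample inputs are constructed, the function names are hypothetical, and the firewalld samples use the `port` attribute form documented in firewalld.service(5).

```python
import configparser
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the definitions proposed in the issue.
UFW_PROFILE = """\
[netdata]
title = Netdata real-time performance monitoring web server
ports = 19999/tcp

[netdata-statsd]
title = Netdata statsd server for APM metrics
ports = 8125/tcp|8125/udp
"""
FIREWALLD_SERVICES = {
    "netdata": '<service><short>Netdata</short>'
               '<port protocol="tcp" port="19999"/></service>',
    "netdata-statsd": '<service><short>Netdata StatsD</short>'
                      '<port protocol="tcp" port="8125"/>'
                      '<port protocol="udp" port="8125"/></service>',
}

def ufw_ports(profile_text):
    """Map each UFW application name to its set of (port, protocol) pairs."""
    parser = configparser.RawConfigParser()
    parser.read_string(profile_text)
    apps = {}
    for app in parser.sections():
        pairs = set()
        for entry in parser.get(app, "ports").split("|"):
            ports, _, proto = entry.partition("/")
            # UFW applies an entry without "/proto" to both TCP and UDP.
            for p in ([proto] if proto else ["tcp", "udp"]):
                # UFW writes ranges as a:b, firewalld as a-b; normalise.
                pairs.update((x.replace(":", "-"), p) for x in ports.split(","))
        apps[app] = pairs
    return apps

def firewalld_ports(service_xml):
    """Return the (port, protocol) pairs a firewalld service file opens."""
    root = ET.fromstring(service_xml)
    return {(e.get("port"), e.get("protocol")) for e in root.iter("port")}

def mismatches(profile_text, services):
    """Names whose UFW and firewalld definitions open different port sets."""
    ufw = ufw_ports(profile_text)
    fwd = {name: firewalld_ports(xml) for name, xml in services.items()}
    return sorted(n for n in ufw.keys() | fwd.keys() if ufw.get(n) != fwd.get(n))
```

An empty list from `mismatches(UFW_PROFILE, FIREWALLD_SERVICES)` means both firewall front ends would open exactly the same ports for each service name.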
Member

ilyam8 commented Feb 9, 2022

> contrib/debian/rules

For debian/rpm the default is "bind to = localhost". Or do you mean install those rules, but not (somehow) enable them?

Member Author

Ferroin commented Feb 9, 2022

This would be installing service definitions, which users could then trivially enable through UFW/firewalld instead of having to manually add the ports if they wanted to bind to something other than localhost.

Member

ilyam8 commented Feb 7, 2023

> Firewalld config

Added in firewalld/firewalld#948

Member Author

Ferroin commented Feb 8, 2023

> > Firewalld config
>
> Added in firewalld/firewalld#948

Oh, nice, that makes this even easier.
