Bastille: Allow configuration of "[TRUSTED|PUBLIC|INTERNAL]_IFACES" for more Security
Currently the interfaces are preconfigured in .../ispconfig/server/conf/bastille-firewall.cfg.master.
TRUSTED_IFACES="lo" # MINIMAL/SAFEST PUBLIC_IFACES="eth+ ppp+ slip+ venet+ bond+" # SAFEST INTERNAL_IFACES="" # SAFEST
Allowing to configure the TRUSTED_IFACES or INTERNAL_IFACES would easily allow one to more strictly lock down the system to the outside.
This is especially useful for scenarios when using an internal network between servers where no filtering should apply. Right now you have to open ports also to the public, even if you need them on the internal LAN only (or change the ISPConfig config master file by hand). This is kind of a security issue.
Thx and Brgds,
Jan
Edited by Thom