Remove local firewall #817

a-martynovich · 2020-03-25T14:41:15Z

Closes #770

rptrchv · 2020-03-26T05:48:22Z

backend/device_registry/models.py

@@ -440,7 +440,8 @@ def zero_if_none(x):

        return self.calculate_trust_score(
            app_armor_enabled=zero_if_none(self.deviceinfo.app_armor_enabled),
-            firewall_enabled=self.firewallstate.policy == FirewallState.POLICY_ENABLED_BLOCK,
+            firewall_enabled=(self.firewallstate.global_policy is not None


is not None is redundant here

No it's not. firewall_enabled should be True or False, never None. Ifself.firewallstate.global_policy is None and self.firewallstate.global_policy.policy is not GlobalPolicy.POLICY_BLOCK then self.firewallstate.global_policy and self.firewallstate.global_policy.policy == GlobalPolicy.POLICY_BLOCK will evaluate to None.

rptrchv · 2020-03-26T05:49:45Z

backend/device_registry/models.py

@@ -787,27 +788,8 @@ class FirewallState(models.Model):
    device = models.OneToOneField(Device, on_delete=models.CASCADE)
    scan_date = models.DateTimeField(null=True, auto_now_add=True)
    rules = JSONField(blank=True, default=dict)
-    policy = models.PositiveSmallIntegerField(choices=POLICY_CHOICES, default=POLICY_ENABLED_ALLOW)


Can we remove the POLICY_CHOICES declaration since it's not used?

rptrchv · 2020-03-26T05:52:37Z

backend/device_registry/recommended_actions.py

-               (firewallstate.policy != FirewallState.POLICY_ENABLED_BLOCK
-                if firewallstate.global_policy is None
-                else firewallstate.global_policy.policy != GlobalPolicy.POLICY_BLOCK)
+        return firewallstate is not None \


I'm not sure this line is correct

I believe it's correct. If no Device has no firewallstate (which is unlikely) - it's not affected. If it has no global policy set or the global policy is not blocking - it's affected.
Please prove your point.

rptrchv · 2020-03-26T05:57:18Z

backend/device_registry/views.py

-                portscan.save(update_fields=['block_networks'])
+        # Submitted the removed `PortsForm` form.
+        elif 'is_ports_form' in request.POST or 'is_connections_form' in request.POST:
+            return HttpResponseForbidden()


Why not HttpResponseBadRequest?

Removed (should be handled by serializer).

a-martynovich requested a review from rptrchv March 25, 2020 14:41

rptrchv suggested changes Mar 26, 2020

View reviewed changes

a-martynovich force-pushed the 770-no-local-firewall branch 4 times, most recently from 730adc4 to 87ed8a3 Compare April 3, 2020 13:16

a-martynovich requested a review from rptrchv April 3, 2020 13:19

a-martynovich and others added 3 commits April 3, 2020 18:33

Remove local firewall from the Security view.

b4601b5

Remove FirewallState.policy usage.

3c8e9b3

Fixed all found issues

8177ef3

rptrchv force-pushed the 770-no-local-firewall branch from 87ed8a3 to 8177ef3 Compare April 3, 2020 15:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove local firewall #817

Remove local firewall #817

a-martynovich commented Mar 25, 2020

rptrchv Mar 26, 2020

a-martynovich Apr 3, 2020

rptrchv Mar 26, 2020

a-martynovich Apr 3, 2020

rptrchv Mar 26, 2020

a-martynovich Apr 3, 2020

rptrchv Mar 26, 2020

a-martynovich Apr 3, 2020

Remove local firewall #817

Are you sure you want to change the base?

Remove local firewall #817

Conversation

a-martynovich commented Mar 25, 2020

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment