Firewall secure?

1. offizieller Beitrag

    Hello. I have a few questions about the OMV Firewall. I would like to set the OMV server direct and an external IP address. The WAN router does not do any packet inspection/blocking and simply lets all traffic through to my endpoint (= OMV). Performance should not be an issue. There are only 5 users and no no high bandwidth data exchange (only documents).


    The following services will run on them OMV:


    - OpenVPN

    - Nextcloud fileshare inside a Docker container

    - SMB (only internal access via OpenVPN connection)

    - SSH (only internal access via OpenVPN connection)


    My questions:

    - how secure is the OMV firewall?

    - does the firewall also protect the Nextcloud inside Docker?

    - are there better solutions?


    Thank you so much!


    Marc

    OMV6 i5-based PC

    OMV6 on Raspberry Pi4

    OMV5 on ProLiant N54L (AMD CPU)

    Hi Votev - I understand that any program can only be as secure as the setup. What i am asking I guess, is, if there are any known vulnerabilities of the OMV Firewall through the coding, the implementation etc?

    Also,. how does the OMV Firewall interact with Docker, i.e. if I close all ports on the firewall, can a docker container still have network traffic bypassing the OMV firwall?

    OMV6 i5-based PC

    OMV6 on Raspberry Pi4

    OMV5 on ProLiant N54L (AMD CPU)

    • Offizieller Beitrag
    Zitat von MarcS

    What i am asking I guess, is, if there are any known vulnerabilities of the OMV Firewall through the coding, the implementation etc?

    OMV firewall is just configuring iptables. This is the standard Linux firewall. If there are vulnerabilities, it isn't because of OMV.

    Zitat von MarcS

    how does the OMV Firewall interact with Docker, i.e. if I close all ports on the firewall, can a docker container still have network traffic bypassing the OMV firwall?

    OMV doesn't. Docker creates its own iptables rules when it starts. If you make a rule that overrides docker, it will block the container. You will just have to try it.

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.6 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!

Benutzerkonto erstellen Anmelden