class plinth.modules.firewall.components.Firewall(component_id, name=None, ports=None, is_external=False)[source]

Component to open/close firewall ports for an app.

__init__(component_id, name=None, ports=None, is_external=False)[source]

Initialize the firewall component.


Check if the firewall ports are open and only as expected.



Close firewall ports when the component is disabled.


Open firewall ports when the component is enabled.

static get_internal_interfaces()[source]

Returns a list of interfaces in a firewall zone.

Filter out tun interfaces as they are always assumed to be internal interfaces.

classmethod list()[source]

Return a list of all firewall ports.

property ports_details

Retrieve details of ports associated with this component..

class plinth.modules.firewall.components.FirewallLocalProtection(component_id: str, tcp_ports: list)[source]

Component to protect local services from access by local users.

Local service protection means that only administrators and Apache web server should be able to access certain services and not other users who have logged into the system. This is needed because some of the services are protected with authentication and authorization provided by Apache web server. If services are contacted directly then auth can be bypassed by all local users.

component_id should be a unique ID across all components of an app and across all components.

tcp_ports is list of all local TCP ports on which daemons of this app are listening. Administrators and Apache web server will be allowed to connect and all other connections to these ports will be rejected.

__init__(component_id: str, tcp_ports: list)[source]

Initialize the firewall component.


Unblock traffic to local service from local users.


Block traffic to local service from local users.


Protect services of an app that newly introduced the feature.