Where are Firewall Settings in the FreeNAS 11 ?

[guemi]

Another very very simple thing is that in business, we have a TrueNAS that pulls data from other backup sources.

We know have to put it on a different subnet, and create special rules, when we could've just blocked any incoming traffic in a local firewall on the TrueNAS and allow it to only "pull".


There are plenty of cases where a firewall on True/FreeNAS is useful.


Grasping for straws to come up with some reason why it shouldn't is just a waste of time.

 

[Patrick M. Hausen]

FreeNAS is a product with a feature set. Firewall is not one of the features. You can propose a feature like that via the bugtracker or call iXsystems' product management and tell them how they will monetarize on giving that priority with all the customers you have waiting for exactly that, but arguing on a user forum about what you want is not going to get you anywhere. What goes into TrueNAS and what doesn't is at the discretion of iXsystems and I suggest you contact them via the available appropriate channels. This is not one of them.

Other users like @danb35 and myself are in no way arguing that a firewall feature would have a negative impact, was not necessary, you are clueless, whatever. We are simply stating the fact that TrueNAS does not come with one and therefore you should not put it on the Internet.

The system is designed as an internal server system. Likewise are systems like VMware vSphere, NetApp or EMC2 storage systems etc. You simply do not provision those Internet accessable.

 

[danb35]

Grasping for straws to come up with some reason why it shouldn't is just a waste of time.

And who do you think is doing this, in this three-year-old zombie thread?

 

[darnleyc]

My guess is that you might be trying to secure your shared data.
For example, If you are using a SMB share, then use the Host Allow list to only allow access from your local subnet such as 192.168.1.0/24

Same applies for other sharing protocols.

 

[guemi]

The system is designed as an internal server system. Likewise are systems like VMware vSphere, NetApp or EMC2 storage systems etc. You simply do not provision those Internet accessable.

A)

No one has said it should be on the internet. Firewalls aren't exclusive to the internet you know, as I literally explained in my post if you'd read it properly.


B)

but arguing on a user forum about what you want is not going to get you anywhere.

Yet here you are, doing exactly that. Yikes bud, take a cool one. The irony on this is embarrassing yourself.

And who do you think is doing this, in this three-year-old zombie thread?

What a useless comment on a thread that's clearly live with fresh posts about a hot topic.

 

[danb35]

*plonk*

 

[mcroger]

A hopefully well formed suggestion for this has been submitted to the TrueNAS Jira:

https://jira.ixsystems.com/browse/NAS-113779

This forum thread is confusingly polarized. It would be good if those that see a need to have a host based firewall enabled and configurable in TrueNAS could support that suggestion and elevate it to a feature request. As a policy the Jira doesn't enable the community to submit feature requests directly; they have to be vetted first:

Only iX Engineers can create Improvement / Feature Ticket Types

It's nearly 2022. A host packet filter on any type of device is a reasonable feature; it's already there under the hood in FreeBSD, but not yet exposed in TrueNAS for configuration by admins that may want to use it. The majority of users that use TrueNAS deploy it on internal networks behind a firewall; internal networks are not immune to attack from hostile insiders or attackers that have breached or purchased access to company networks. Some users want additional options to secure these devices, and some deployments are on smaller networks without the ability to place them in dedicated LANs with dedicated firewall devices, etc.

Users who don't see a need for this could simply ignore the feature and continue using the default firewall policy that ships with TrueNAS.

 

[mcroger]

A hopefully well formed suggestion for this has been submitted to the TrueNAS Jira:

https://jira.ixsystems.com/browse/NAS-113779

See also https://jira.ixsystems.com/browse/NAS-110277.

 

[Patrick M. Hausen]

Please don't necro years old threads.

The subject says "FreeNAS 11" - FreeNAS 11 is EOL.
If you really think this topic has not yet been debated to death, open a new thread.

 

[danb35]

If you really think this topic has not yet been debated to death, open a new thread.

Or not--whether it's been beaten to death or not (and I believe it has, several times over), debate here isn't change the devs' minds. If you want it, vote for the ticket. Or read the comment that says, "we have no intention of doing this for TrueNAS", and deal. Yet Another Thread isn't going to change anything.

 

[Ericloewe]

Yeah, this story is getting way too old and repetitive. I'm closing this thread.