docs: tighten firewall ssh safety requirements

Storm Dragon
2026-04-16 15:51:53 -04:00
parent 55a1765582
commit 114737399a

@@ -48,12 +48,23 @@ The firewall submenu is intentionally narrow and dialog-driven. It will provide:
Behavior details:
- `Install ufw` installs the package only if it is not already present.
- `Enable firewall` runs `ufw enable`.
- `Enable firewall` first ensures the active SSH port is explicitly allowed before enabling `ufw`.
- `Disable firewall` runs `ufw disable`.
- `Allow SSH` allows the current OpenSSH port if detectable from `sshd_config` or `sshd_config.d`; otherwise it falls back to port `22/tcp`.
- `Allow SSH` allows the current SSH port based on the server conversion drop-in file if available. If the port cannot be determined confidently, the user is prompted to enter it manually. If the port still cannot be confirmed, the action is cancelled without changing firewall rules.
- `Open custom port` prompts for either a bare port such as `80` or an explicit `port/protocol` string such as `443/tcp` and validates the input before calling `ufw allow`.
- `View status` shows `ufw status verbose` in a dialog-friendly text view.
## SSH Port Safety
Preventing SSH lockout takes priority over convenience.
- The primary source of truth for the SSH port is `/etc/ssh/sshd_config.d/99-stormux-server.conf`, which is written by the earlier server conversion step.
- Firewall actions that could affect remote access must check that file first and extract the configured `Port` value when present.
- If the port file is missing, unreadable, malformed, or otherwise ambiguous, the script must not guess. It should prompt the user to enter the SSH port explicitly.
- If the user cancels the prompt or enters an invalid value, the script must cancel the firewall-enabling action rather than continue.
- `Enable firewall` should allow the resolved SSH port before running `systemctl enable --now ufw` or `ufw enable`.
- `Allow SSH` should reuse the same resolution logic so behavior is consistent.
## File Boundaries
- `configure-server.sh`
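Review bot: In the new SSH Port Safety list, the first bullet makes `/etc/ssh/sshd_config.d/99-stormux-server.conf` the primary source of truth, but a `Port` value in that one drop-in is not necessarily the port sshd is listening on. `Port` may be given more than once, and the main `sshd_config` or another drop-in can set it as well, so a file that parses cleanly can still resolve to the wrong port and lock the user out once `ufw` is enabled. Suggest requiring that the extracted value be confirmed against the effective configuration (for example the `port` lines of `sshd -T`, or the server port in `SSH_CONNECTION` when the script is run over SSH) and treating a mismatch as the "ambiguous" case that triggers the prompt. The section should also define what counts as a valid value (a single integer in 1-65535) and pick one of `systemctl enable --now ufw` or `ufw enable`, since the Behavior details bullet names only `ufw enable`.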
@@ -76,6 +87,7 @@ Obsolete include files that are no longer referenced by the top-level server lau
## Error Handling
- Missing `ufw` will be reported clearly for actions that require it, with `Install ufw` available as the explicit fix path.
- If the SSH port cannot be confirmed, `Enable firewall` must abort with a clear message rather than risk locking the user out.
- Invalid custom port input will show a message and return to the firewall menu without applying a rule.
- Commands that require privilege will continue using the existing `sudoFlags` handling.
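Review bot: The added Error Handling bullet covers only `Enable firewall`, while the Behavior details text says `Allow SSH` is also cancelled when the port cannot be confirmed, so the abort case should name both actions. It should also say where the user lands after the abort, matching the custom-port bullet below it ("return to the firewall menu without applying a rule"), so the implementation neither exits the script nor leaves a partially applied rule.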