Skip to content

_firewall_config.py: add ni-logos-xt service to work-out policy#66

Merged
amstewart merged 2 commits intoni:masterfrom
blair-ni:dev/firewall-logosxt
Jun 25, 2025
Merged

_firewall_config.py: add ni-logos-xt service to work-out policy#66
amstewart merged 2 commits intoni:masterfrom
blair-ni:dev/firewall-logosxt

Conversation

@blair-ni
Copy link
Copy Markdown
Contributor

@blair-ni blair-ni commented Jun 25, 2025
edited
Loading

Summary of Changes

Add ni-logos-xt service to work-out firewalld policy.

Justification

Our current policy only allows incoming LogosXT-based traffic, i.e. the traffic for features such as Shared Variables and Network Streams. This allows a remote host to access, e.g., an RT target-hosted Shared Variable. However, a remotely hosted Shared Variable is not accessible to a SNAC-enabled RT target. Allowing outgoing traffic on these ports fixes this.
See AB3122615 for more details.

Testing

  • Ran make install and make installcheck against this change.
  • Got the failing Shared Variable test to pass by manually adding the following entries to the firewall:
    • firewall-cmd --policy=work-out --add-port=2343/tcp
    • firewall-cmd --policy=work-out --add-port=59111/tcp
  • Will run Shared Variable and Network Streams tests after merging.

Procedure

  • This PR: changes user-visible behavior, fixes a bug, or impacts the project's security profile; and so it includes a CHANGELOG note.
  • I certify that the contents of this pull request complies with the Developer Certificate of Origin.

blair-ni added 2 commits June 25, 2025 12:16
@blair-ni
add ni-logos-xt to work-out policy
d05bb3b 
Signed-off-by: Blair Elliott <blair.elliott@ni.com>
@blair-ni
add to Unreleased/Changed section of changelog
e3b3eab 
Signed-off-by: Blair Elliott <blair.elliott@ni.com>
@blair-ni blair-ni marked this pull request as ready for review June 25, 2025 21:25
@blair-ni blair-ni requested review from a team, AlexHearnNI and amstewart as code owners June 25, 2025 21:25
amstewart
amstewart approved these changes Jun 25, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@amstewart amstewart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Spoke w/ blair somewhat offline.

Confirmed that the ports from his test cases match the service def file for logos here.

Blair has promised to run the RTATS against these changes once it is in.

@amstewart amstewart merged commit 4313780 into ni:master Jun 25, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amstewart amstewart amstewart approved these changes

@AlexHearnNI AlexHearnNI Awaiting requested review from AlexHearnNI AlexHearnNI is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@blair-ni @amstewart