Project

General

Profile

Bug #43112

Do not enable Berkeley Packet Filter by default in new UI

Added by Michael Reynolds about 2 years ago. Updated about 2 years ago.

Status:
Done
Priority:
No priority
Assignee:
Lola Yang
Category:
GUI (new)
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Jails -> Add Basic and Wizard
The Berkeley Packet Filter (BPF) is set by default.
BPF should not be set by default as it can pose a security risk.
BPF should be set when DHCP Autoconfigure IPv4 is set.
The BPF checkbox should behave the same way as the VNET checkbox

See BPF-SetByDefault-2018-08-27.png
This screenshot was taken on first entry to the Advanced Jail Creation Wizard.

BPF-SetByDefault-2018-08-27.png (15.5 KB) BPF-SetByDefault-2018-08-27.png Michael Reynolds, 08/27/2018 02:49 PM
26018

History

#2 Updated by Dru Lavigne about 2 years ago

  • Target version changed from Backlog to 11.2-RC1

#3 Updated by Erin Clark about 2 years ago

  • Assignee changed from Erin Clark to Lola Yang

#4 Updated by Lola Yang about 2 years ago

  • Status changed from Unscreened to In Progress

#5 Updated by Lola Yang about 2 years ago

  • Status changed from In Progress to Ready for Testing
  • Needs Merging changed from Yes to No

#6 Updated by Dru Lavigne about 2 years ago

  • Subject changed from Berkeley Packet Filter should not be set by default in the new UI to Do not enable Berkeley Packet Filter by default in new UI

#8 Updated by Timothy Moore II about 2 years ago

  • Status changed from Ready for Testing to Failed Testing

Testing with FreeNAS system updated to FreeNAS-11.2-MASTER-201809140904:

Go to Jails > Add. Use the wizard to create a simple jail with manual network settings. After creation, edit the jail to view its settings. Find Berkeley Packet Filter setting enabled. Further investigation shows that if DHCP is set at any point, then VNET and Berkeley Packet Filter are also set, but unsetting DHCP leaves both VNET and Berkeley Packet Filter set.

Suggestion: In addition to updating the button behavior, it might be good to add the Berkeley Packet Filter setting to the Jail creation wizard. Then the user can see what changes settings-wise when DHCP is set.

#9 Updated by Michael Reynolds about 2 years ago

To clarify BPF was enabled when entering the Wizard and before DHCP was enabled.
BPF should not be enabled until the DHCP option is set.

Unchecking DHCP does leave the VNET and BPF options set.
I thought there was a ticket for that already but could be wrong.
I'm not sure that VNET and BPF should be unset if DHCP is unchecked as VNET and BPF can be used without DHCP. (When a static IP is configured for example)

#10 Updated by Lola Yang about 2 years ago

Yes, Mike is correct.
1. BPF should not be enabled until the DHCP option is set.
2. VNET and BPF can be used without DHCP, so in some situation, auto unset VNET and BPF if DHCP is unchecked is not correct.

And confirmed with Brandon, unsetting DHCP leaves both VNET and Berkeley Packet Filter set won't leads to any problems.

#11 Updated by Timothy Moore II about 2 years ago

  • Status changed from Failed Testing to Passed Testing

Confirmed no additional button behavior changes are forthcoming. Retest with FreeNAS Mini updated to FreeNAS-11.2-MASTER-201809180851:

Go to Jails > Add Wizard. Create simple jail 43112 with 11.2-RELEASE and no configured network settings. Edit jail and confirm Berkeley Packet Filter is not set.

#12 Updated by Timothy Moore II about 2 years ago

  • Needs QA changed from Yes to No
  • Needs Doc changed from Yes to No

Doc changes: [angulargui branch] https://github.com/freenas/freenas-docs/pull/358, no changes needed to master branch.

#13 Updated by Dru Lavigne about 2 years ago

  • Status changed from Passed Testing to Done

Also available in: Atom PDF