Haiku firewall

Does Haiku have a native firewall application? Are all ports open by default? I’m considering using this box as a small web server so it might be a good idea to have one.

No, we do not have a firewall by default.
No, ports are not open by default; as on pretty much all other OSes, ports are only open when an application specifically listens on them.

That said, Haiku is a terrible choice for a webserver. Consider using an OS suited to this purpose instead, for example OpenBSD, FreeBSD, Linux (Alpine Linux), etc.

2 Likes

Is it possible to port pf from FreeBSD or OpenBSD?

The network stack is completely different, so we would have to re-implement most of the kernel-side part (that is, most of the tool). The userspace tools could be reused if we implement a compatible interface for them.

I found an old BeOS application called be protected that serves the same purpose as a firewall. I should be able to use the old apps as I’m on the Intel x86 architecture.

Porting the NetBSD firewall would be an easier option:

https://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20130314_1854.html

If we port any syntax, for the configuration alone I think pf from OpenBSD makes the most sense; it is a comparatively easy syntax to write.

Though, Haiku would likely want a GUI tool anyway. So maybe porting any is not such a good idea.

Porting pf from OpenBSD is more complex; npf is more portable. Creating a GUI depends on the tool used; the *BSDs have several firewalls in the base system.

I think what nephele is trying to say is that Haiku has a different philosophy.
In Haiku, you rather have a program conceived with a GUI, then you make only the necessary parts available on the command line, but it stays only one piece of software.
Software included in the OS would stick to that philosophy, but that’s more work than a ‘simple’ port.

In other systems, you create a command-line program first, then anyone can make a GUI, and you can end up with countless programs, even if obviously you won’t install them all.
A port distributed separately would probably follow this path. The tool would be ported and, unless someone writes a native one, the GUI too.

For those who use Haiku on transportable devices, something like a port-blocker program for incoming traffic (something like a NAT) would be nice. I do not see that a full firewall is necessary in a desktop system. But an incoming blocker.

Unless you have malicious or wrongly behaving services that listen on ports without your knowledge or permission, there is no need to have a firewall for this; the OS already ignores all packets that are sent to closed ports.

3 Likes

Disk encryption would be much more useful for mobile Haiku than a firewall, just don’t open any ports :wink:

@ubu I think DriveEncryption was basically working but not supported on the boot drive. However, I am not sure if it’s still working now as the last activity was some time ago.

I meant on the boot drive, will try out DriveEncryption, did not know that existed.
Porting LUKS from Linux would be great :wink:

Unfortunately the only thing I can program is hello world! (But in a lot of languages)

Ah, now I understand your answer above concerning open ports. That makes sense. Thx.

Securing a system depends not only on one core component like networking/firewall, you’re right.

How would you know that you don’t, if you don’t have a firewall logging it?

I don’t think firewalls are for logging. If you want to make sure this isn’t happening then the system ought to ask you which services may listen on which ports. For example, a list of “listening services” in the network preferences.

1 Like
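
The thread's point that a port only accepts connections while an application is listening on it can be checked without a firewall. The following is an added example, not part of any post above: a small self-audit that lists local TCP listeners and flags those missing from an allowlist. The function names, the port range and the allowlist `{80}` are assumptions made for illustration.

```python
import socket

LOOPBACK = "127.0.0.1"  # the audit only ever probes the local machine


def listening_tcp_ports(ports, timeout=0.2):
    """Return the TCP ports on the loopback address that accept a connection.

    Limitation: this sees listeners bound to 127.0.0.1 or to the wildcard
    address only. A service bound to a single external interface address,
    and any UDP service, is not detected.
    """
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success and an errno value otherwise
            # (a closed port is refused by the OS, no application involved).
            if s.connect_ex((LOOPBACK, port)) == 0:
                found.append(port)
    return found


def unexpected_listeners(ports, allowed):
    """Return listening ports that are not in the allowlist."""
    return [p for p in listening_tcp_ports(ports) if p not in allowed]


def demo():
    """Constructed scenario: a throwaway listener stands in for a service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))  # port 0 lets the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = unexpected_listeners([port], allowed=set())
    srv.close()  # the application stops listening, so the port closes
    after_close = unexpected_listeners([port], allowed=set())
    return port, while_open, after_close


if __name__ == "__main__":
    allowed = {80}  # assumption: only the web server is meant to listen
    for port in unexpected_listeners(range(1, 1025), allowed):
        print(f"unexpected listener on TCP port {port}")
```

Run it periodically and compare the output over time; a port that appears without a matching service you installed is the case a firewall log would otherwise have surfaced.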