Creating massflash blobs with UFW firewall installed

Hello,

The customer requires a firewall program.

I think it’s possible to create massflash blobs with ufw (uncomplicated firewall) installed. Is that really the case?

Thank you.

Note that firewalls have different degrees of how “strict” settings are, so what follows is just “in general” and would need some experimentation based on that firewall setting.

I don’t know of all ports used, but it seems likely it would work if the host PC is able to open HTTP and HTTPS ports to the outside world, along with ssh/scp ports over the ethernet used to talk to the Jetson (which might be a micro-USB port, or might be some ethernet switch used in post flash steps).

Outgoing HTTP/HTTPS probably does not need a custom setting unless the firewall is using stricter rules. Similar for ssh. Firewalls generally are ok with responses to traffic requests which originate from inside.

DHCP is used for address assignment, and as above, this is not generally an issue if the host PC is generating the request since the firewall knows it is a response to a known request and not some unexpected external incoming traffic. However, if you are using the micro-B USB cable for network traffic, then this is a different interface than the main ethernet, and probably requires special setup to allow this interface. If the interface is set up and allowed, then it is unlikely it needs extra setup.

I think it is probably a good idea to run UFW on any system open to general internet visibility.

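Added example, not part of the thread or of any participant's post: a shell check that reads `ufw status verbose` output and reports whether it matches what the reply above describes (outgoing traffic allowed by default, plus an allow rule on the separate USB network interface). The interface name `usb0`, the function names and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text for the two points in the reply.
# Assumption: the Jetson's USB network link shows up on the host as "usb0".
# check_ufw IFACE: reads status text on stdin, returns 0 if nothing needs attention.
check_ufw() {
    awk -v iface="$1" '
        /^Status:/ { active = ($2 == "active") }
        /^Default:/ {
            for (i = 2; i < NF; i++) {
                if ($(i+1) ~ /^\(incoming\)/) din = $i
                if ($(i+1) ~ /^\(outgoing\)/) dout = $i
            }
        }
        # Rule row produced by an allow-all rule bound to one interface
        / ALLOW IN / && $1 == "Anywhere" && $2 == "on" && $3 == iface { iface_ok = 1 }
        END {
            if (!active) { print "INFO: ufw inactive, nothing is filtered"; exit 0 }
            bad = 0
            if (dout != "allow") { print "CHECK: outgoing default is " dout; bad = 1 }
            if (din != "allow" && !iface_ok) { print "CHECK: no ALLOW IN rule on " iface; bad = 1 }
            if (!bad) print "OK: outgoing allowed, " iface " permitted"
            exit bad
        }'
}

# Constructed sample of `ufw status verbose` output (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
Anywhere on usb0           ALLOW IN    Anywhere
EOF
}

# Real use on the flashing host: sudo ufw status verbose | check_ufw usb0
sample_status | check_ufw usb0
```

A `CHECK` line means that part of the rule set should be reviewed before flashing; the script does not change any firewall state.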

Hello,

Can I clone and restore the APP partition image with UFW installed?

Thank you.

Yes. Neither clone nor restore cares about UFW, but will preserve UFW if present.


Thank you.

Hello,

Even if you sell to customers with software such as UFW installed, there will be no problems with licenses, right?

First of all, we need to find out the license for the UFW software.

Thank you.

I am not a lawyer, but having a running Linux operating system is rarely a problem. The place where people get into trouble is when they claim ownership of content, e.g., if the kernel were modified and kernel source were no longer provided it would be a problem because licensing of free content cares about claiming ownership more than anything.

Lots of companies provide Linux when selling hardware. Since the company making the sales does not claim ownership of Linux, and passes along the licensing as required, there isn’t a problem.

There are packages available for Linux which are commercial paid programs. For those you would probably know you are installing something commercial, but the free stuff with no blocking of its content and no blocking of its license model tends to not be an issue.

Just to emphasize, I am not a lawyer.


Thank you for diligently answering my tricky questions.