I don´t see in gui any firewall? how to setup open port?
1 Like
Truenas is not a router applicance.
You would need to open the ports you need in your router.
Be careful what ports you open, personally I only open ports for wireguard.
1 Like
If you are referring to the NAS itself - there is no firewall. All ports are open.
1 Like
Why do you think you need to “setup open port”? What is it you’re actually trying to accomplish?
As others have said, TrueNAS (whichever version you’re using, which you didn’t mention) doesn’t include any sort of firewall, never has, and almost certainly never will. It’s a NAS; use a firewall if you want a firewall (which you should).
Ok i understand but even ubuntu node isn´t a router appliance but it has its firewall.
thanks
1 Like
In your router.
thanks, so it’s open to internal attack, if someone cracks my wifi i am screwed.
1 Like
Not if you have properly configured your network.
I use password12345 for my WiFi passphrase. Most hackers that wield Kali Linux laptops, while slowly cruising different neighborhoods in white vans, usually attack password1234, or passphrases shorter than 13 characters. Using password12345 protects your network against these typical attacks.
4 Likes
If an attacker is already on your internal network, you have lots of problems.
2 Likes
It’s open with the services it’s running. What’s the point of a system providing a service if you block that service at the port level? What’s the point of blocking ports that are not providing a service and result in a “port unreachable”, anyway?
For anything more complex I recommend a network firewall and proper isolation. I really do not believe host based firewalls add anything worth maintaining.
4 Likes
What’s the Unicode for the Facepalm-While-ROTFL emoji?
3 Likes
3 Likes
I note that you still haven’t explained what you’re actually trying to accomplish, nor in what way you think a firewall on the NAS will help you do it.
1 Like
Tucked away right after Phoenician cuneiform. It was introduced alongside the “flip phone” emoji (that caused some pain because some vendors had a standard phone emoji that was a flip phone) and the “modem with acoustic coupler” emoji (introduced after a mass mail-in campaign demanded a wider variety of modem emojis).
1 Like
You’re all coming down hard on the OP but host-based firewalls are a critical component of any security program. I’m floored that TrueNAS doesn’t support one. @Pindaroli, I’m totally on your side here. TrueNAS absolutely should have a built-in firewall and it should require that you use it!
Feel free to open a Feature request.
Since iX is even considering Wifi support your request might actually have a chance….
1 Like
Just don’t forget to explain what you want to achieve with a firewall on a NAS. Inquiring minds want to know…
…and you’re reviving a thread that’s been dead for a year and a half to post this misconception. Nobody’s “coming down hard” on the OP, but we’re all explaining that what he’s asking for doesn’t exist. He hasn’t done the corresponding courtesy of answering the question that’s been asked twice: what he’s actually trying to accomplish.
If you think TrueNAS should include such a feature, post a feature request. See how much interest it gets and what (if anything) iX does with it.
Insofar there is a “firewall” it’s keeping the software updated, minimizing the number of ports / protocols that are available, and staying on top of threats.
However, the role of the sysadmin is to prevent any unauthorized contact with the NAS in the first place. Popular avenues include network segmentation (VLANs, etc), access control, careful review of what gets hosted and how, etc.
Then, there are external options that you can consider, like IDS, honeypots, and like canaries in the coal mine to alert the sysadmin to a intrusion. But bottom line, it’s all about cost vs. benefit. How much access do I want to have vs. the attendant risks.
An air-gapped NAS is hard to crack.