From f68650d60ed07da0467e516f43761ff039afa348 Mon Sep 17 00:00:00 2001
From: Florent Gluck <florent.gluck@hesge.ch>
Date: Sat, 27 Jul 2024 11:45:32 +0200
Subject: [PATCH] Added comments to live_exam_os/config/boot_hooks/firewall

---
 live_exam_os/config/boot_hooks/firewall  | 7 +++++++
 live_exam_os/config/packages.list.chroot | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/live_exam_os/config/boot_hooks/firewall b/live_exam_os/config/boot_hooks/firewall
index e09fac38..15d0e09a 100755
--- a/live_exam_os/config/boot_hooks/firewall
+++ b/live_exam_os/config/boot_hooks/firewall
@@ -4,13 +4,20 @@
 
 firewall ()
 {
+    # Block all incoming and outgoing traffic
     ufw default deny incoming
     ufw default deny outgoing
+    # Allow outgoing http and https traffic
     ufw allow out from any to $1 port 80
     ufw allow out from any to $1 port 443
+    # Allow outgoing traffic to nexus-server API
     ufw allow out from any to $1 port $2
+    # Allow outgoing ntp traffic
+    # ufw allow out from any to any port 123 proto udp
+    # Allow outgoing traffic to nexus VMs (Spice)
     ufw allow out from any to $1 port 1025:65535 proto tcp
     ufw allow out from any to $1 port 1025:65535 proto udp
+
     ufw enable
 }
 
diff --git a/live_exam_os/config/packages.list.chroot b/live_exam_os/config/packages.list.chroot
index 0350e41c..352dba94 100644
--- a/live_exam_os/config/packages.list.chroot
+++ b/live_exam_os/config/packages.list.chroot
@@ -11,4 +11,4 @@ virt-viewer
 firmware-iwlwifi
 network-manager
 network-manager-gnome
-brightnessctl
+#systemd-timesyncd
-- 
GitLab