Allow opening ports only for local network

[navanchauhan]

It shouldn't be too difficult to add a flag like --local-network-only to the yunohost firewall command which then adds similar rules [0]

# iptables -A INPUT -p tcp --dport 22 -s 192.168.0.0/16 -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -s 127.0.0.0/8 -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j DROP

Use Case

I have been working on timemachine_ynh which creates a time machine backup target. Under the hood it uses a Samba server, by default if I open the required port it is also exposed to the public. I can definitely just setup the correct fail2ban config to ban IPs, but exposing something like Samba is never recommended. Having a --local-network-only flag will be better in cases like this.

If this seems like a simple enough suggestion, I am more than happy to start working on this PR

[0] https://serverfault.com/questions/835010/how-to-allow-ssh-only-from-local-network-via-iptables

[alexAubin]

« by default if I open the required port it is also exposed to the public. »

That is not correct ... unless you are using a DMZ

The classic setup is that your router is a NAT and unless your port-forward a specific port, that port ain't publicly expose ...

[alexAubin]

Also cf https://forum.yunohost.org/t/yunohost-and-samba/3128/15 to enable Samba on local network only

Imho if there's only the samba use case, it's not worth it to implement a local-network-only option for firewall...