15.5. TLS Serial Server configuration

The TLS serial server allows connection via TLS to the FB2500 command-line interface (CLI). The CLI is documented in Chapter 21 and in Appendix J.

You will need a client to send commands to this service. We recommend using our open source client, which can be found on Codeberg. This client supports all the functionality of the FireBrick CLI.

15.5.1. Access control

Access can be restricted in the same way as for the HTTP (web) service, including per-user access restrictions.

The example XML below shows the TLS serial server service configured with restricted access:

<tls-serial allow="10.0.0.0/24 10.1.0.3-98 10.100.100.88 10.99.99.0/24"
          comment="TLS serial service access restricted by IP address"
          local-only="false"/>

Note

By default, the FB2500 will only allow access from machines that are on one of the locally-attached Ethernet subnets[a]. To allow access from other interfaces, set local-only="false".
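When reviewing a configuration like the one above, it helps to check which source addresses the allow list actually admits. The following is an added example, not FireBrick code: the function names are hypothetical, it assumes that a range such as 10.1.0.3-98 means 10.1.0.3 through 10.1.0.98, and it does not model which subnets count as locally attached.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <tls-serial> element from the example above.
SAMPLE = """<tls-serial allow="10.0.0.0/24 10.1.0.3-98 10.100.100.88 10.99.99.0/24"
          comment="TLS serial service access restricted by IP address"
          local-only="false"/>"""

def parse_entry(entry):
    """Turn one allow-list entry into an inclusive (first, last) address pair."""
    if "/" in entry:                      # CIDR block, e.g. 10.0.0.0/24
        net = ipaddress.ip_network(entry, strict=False)
        return net.network_address, net.broadcast_address
    if "-" in entry:                      # range, e.g. 10.1.0.3-98
        start, end = entry.split("-", 1)
        first = ipaddress.ip_address(start)
        if end.isdigit():
            # Assumption: a bare number replaces the last IPv4 octet of the start.
            end = start.rsplit(".", 1)[0] + "." + end
        last = ipaddress.ip_address(end)
        if first.version != last.version or last < first:
            raise ValueError(f"bad range: {entry}")
        return first, last
    ip = ipaddress.ip_address(entry)      # single host
    return ip, ip

def load_policy(xml_text):
    """Return (ranges, local_only) for a <tls-serial> element."""
    el = ET.fromstring(xml_text)
    ranges = [parse_entry(e) for e in el.get("allow", "").split()]
    # Per the note above, access is local-only unless set to "false".
    local_only = el.get("local-only", "true") != "false"
    return ranges, local_only

def is_allowed(addr, ranges):
    """True if addr is inside a listed entry (an absent allow list is not modelled)."""
    ip = ipaddress.ip_address(addr)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in ranges)

def exposure(ranges):
    """Number of addresses the entries admit (overlapping entries count twice)."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in ranges)

if __name__ == "__main__":
    ranges, local_only = load_policy(SAMPLE)
    print("local-only:", local_only, "| addresses admitted:", exposure(ranges))
    for probe in ("10.1.0.50", "10.1.0.99", "192.0.2.10"):  # constructed probes
        print(probe, "allowed" if is_allowed(probe, ranges) else "denied")
```

A large exposure count combined with local-only="false" is the case worth a second look in review.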

15.5.2. Alternative clients

The underlying protocol for communicating with the FB2500 using this service is simply to send text via a TLS stream. However, in order to use all of the features of the CLI, key presses should be sent unbuffered. This is what our own open-source TLS serial client does.

Clients which send 'line buffered' output to the FireBrick can also be used to issue CLI commands, but useful features such as tab-completion, question-mark help, console logging, command editing and command history will be unavailable or will not work as intended.

One readily available line-buffering client that allows this partial functionality is s_client from the OpenSSL package:

openssl s_client -quiet <your_firebrick_ip>:230

Be aware that your login password will be visible on screen when using line-buffered clients.

Note

If you're using a client that does local line buffering, all command lines will be echoed back to you and console logging will interact badly with command input. You can turn off console logging with the troff command. Input echoing can be disabled with the command set echo 0 or by setting echo-input to false in the tls-serial configuration.