- Type: New Feature
- Resolution: Fixed
- Priority: Major
- Component/s: Setup
Some SolarNode plugins create TCP services, some on user-configurable ports. The default SolarNode OS images have a firewall configured to block all incoming ports other than those for SSH and HTTP. It would be nice if there were some way for SolarNode to manage the open ports on the system.
To work in a platform-independent manner, SolarNode could rely on a helper script with a well-defined API. For example:
sn-firewall list-open
sn-firewall open tcp 20000 0.0.0.0/32
sn-firewall close tcp 20000
In the Debian 9 SolarNode OS, the sn-firewall script would configure the /etc/iptables/iptables.rules configuration and manage the firewall state via iptables-restore.
It would be helpful for plugins that do rely on an open firewall port to be able to easily help the user manage this in one or more of the following ways:
- give feedback to the user in the component settings on whether the required port is open or closed
- directly open the port as needed
Directly opening the port might be trickier than worth the effort... especially considering what should happen when the component is removed. Probably the first option is best, along with a dedicated UI in the SolarNode GUI for managing the firewall ports.
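A sketch of how such a helper could edit the rules file safely, added here as an example and not the SolarNode project's own script. The `fw_*` function names, the `SN_RULES` and `SN_APPLY` variables and the `sn-firewall` rule comment tag are assumptions, as is an INPUT chain whose default policy is DROP.

```sh
#!/bin/sh
# Added sketch of the proposed sn-firewall helper; NOT the SolarNode project's script.
# Assumptions: managed rules carry the comment tag below, INPUT's default policy is
# DROP (so appended ACCEPT rules take effect), SN_APPLY=1 reloads the live firewall.
SN_RULES="${SN_RULES:-/etc/iptables/iptables.rules}"
SN_TAG="sn-firewall"

# Accept only a plain protocol, port and IPv4 CIDR, so caller-supplied values
# can never smuggle extra iptables options into the rules file.
fw_valid() {
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    case "$2" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || return 1
    printf '%s\n' "$3" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

fw_commit() {  # syntax-check the candidate before it replaces the rules file
    if [ "${SN_APPLY:-0}" = 1 ] && ! iptables-restore --test <"$1"; then
        rm -f "$1"; return 1
    fi
    cat "$1" >"$SN_RULES" && rm -f "$1" || return 1
    if [ "${SN_APPLY:-0}" = 1 ]; then iptables-restore <"$SN_RULES"; fi
}

fw_list() {   # prints "proto port source" for each managed rule
    sed -n "s|^-A INPUT -s \([0-9./]*\) -p \([a-z]*\) -m [a-z]* --dport \([0-9]*\) -m comment --comment $SN_TAG -j ACCEPT\$|\2 \3 \1|p" "$SN_RULES"
}

fw_open() {   # idempotent: an identical rule is never added twice
    fw_valid "$1" "$2" "$3" || return 2
    rule="-A INPUT -s $3 -p $1 -m $1 --dport $2 -m comment --comment $SN_TAG -j ACCEPT"
    if grep -Fxq -e "$rule" "$SN_RULES"; then return 0; fi
    tmp=$(mktemp) || return 1
    awk -v r="$rule" '/^\*filter/{f=1} f&&/^COMMIT/{print r; f=0} {print}' "$SN_RULES" >"$tmp"
    fw_commit "$tmp"
}

fw_close() {  # removes only rules this helper added for the given proto/port
    fw_valid "$1" "$2" 0.0.0.0/0 || return 2
    tmp=$(mktemp) || return 1
    grep -Ev -e "^-A INPUT -s [0-9./]+ -p $1 -m $1 --dport $2 -m comment --comment $SN_TAG -j ACCEPT\$" "$SN_RULES" >"$tmp"
    fw_commit "$tmp"
}

case "${1:-}" in
    list-open) fw_list ;;
    open)  fw_open "${2:-}" "${3:-}" "${4:-}" ;;
    close) fw_close "${2:-}" "${3:-}" ;;
esac
```

Tagging managed rules with a comment lets `close` and `list-open` leave the image's built-in SSH and HTTP rules untouched, which also gives a clean answer to what happens when a component is removed.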