forked from evolix/ansible-roles
minifirewall: change some defaults
Only SSH (22) is open on privileged IPs
Remove volatile.debian.org domain
parent 6c84ada361
commit 5588ed6009
|
@ -18,6 +18,7 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
|
||||
* evoacme: upstream release 21.01
|
||||
* minifirewall: change some defaults
|
||||
|
||||
### Fixed
|
||||
|
||||
|
|
|
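Review bot: The changelog entry "minifirewall: change some defaults" does not say which defaults changed. The same commit edits the default service port lists and the HTTPSITES comment, so the entry should name them (for example, which ports are no longer listed in SERVICESTCP1 and SERVICESUDP1). That lets someone upgrading the role tell from the changelog alone whether their firewall exposure changes.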
@ -30,15 +30,15 @@ PRIVILEGIEDIPS=''
|
|||
|
||||
# Protected services
|
||||
# (add also in Public services if needed)
|
||||
SERVICESTCP1p='22'
|
||||
SERVICESTCP1p='22222'
|
||||
SERVICESUDP1p=''
|
||||
|
||||
# Public services (IPv4/IPv6)
|
||||
SERVICESTCP1='25 53 443 993 995 22222'
|
||||
SERVICESUDP1='53'
|
||||
SERVICESTCP1='22222'
|
||||
SERVICESUDP1=''
|
||||
|
||||
# Semi-public services (IPv4)
|
||||
SERVICESTCP2='20 21 22 80 110 143'
|
||||
SERVICESTCP2='22'
|
||||
SERVICESUDP2=''
|
||||
|
||||
# Private services (IPv4)
|
||||
|
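Review bot: '22222' appears in both SERVICESTCP1p and SERVICESTCP1, while the commit message mentions only SSH (22) on privileged IPs and nothing in the hunk says what listens on 22222. Add a comment naming that service and stating whether public exposure is intended. It would also help to document, next to SERVICESTCP1 and SERVICESUDP1, that 25, 53, 443, 993 and 995 (and UDP 53) are no longer in the public defaults, so hosts running mail, DNS or HTTPS know they must set an explicit override.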
@ -55,7 +55,7 @@ DNSSERVEURS='0.0.0.0/0'
|
|||
# HTTP authorizations
|
||||
# (you can use DNS names but set cron to reload minifirewall regularly)
|
||||
# (if you have HTTP proxy, set 0.0.0.0/0)
|
||||
# HTTPSITES='security.debian.org security-cdn.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
|
||||
# HTTPSITES='security.debian.org pub.evolix.net security-cdn.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org ocsp.int-x3.letsencrypt.org'
|
||||
HTTPSITES='0.0.0.0/0'
|
||||
|
||||
# HTTPS authorizations
|
||||
|
|
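Review bot: The HTTPSITES line that drops volatile.debian.org is commented out, and the active setting in this hunk is HTTPSITES='0.0.0.0/0', so the removal does not change which outbound HTTP destinations are allowed. The replacement comment line also adds ocsp.int-x3.letsencrypt.org and moves pub.evolix.net, which the commit message does not mention. Either mention those changes in the message or limit the edit to the removal.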