minifirewall: change some defaults

Only SSH (22) is open on privilegied IPs Remove volatile.debian.org domain
1 year ago · 5588ed6009
2 changed files with 6 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -18,6 +18,7 @@ The **patch** part changes incrementally at each release.

 * certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
 * evoacme: upstream release 21.01
+* minifirewall: change some defaults

 ### Fixed

--- a/minifirewall/files/minifirewall.conf
+++ b/minifirewall/files/minifirewall.conf
@ -30,15 +30,15 @@ PRIVILEGIEDIPS=''

 # Protected services
 # (add also in Public services if needed)
-SERVICESTCP1p='22'
+SERVICESTCP1p='22222'
 SERVICESUDP1p=''

 # Public services (IPv4/IPv6)
-SERVICESTCP1='25 53 443 993 995 22222'
-SERVICESUDP1='53'
+SERVICESTCP1='22222'
+SERVICESUDP1=''

 # Semi-public services (IPv4)
-SERVICESTCP2='20 21 22 80 110 143'
+SERVICESTCP2='22'
 SERVICESUDP2=''

 # Private services (IPv4)
@ -55,7 +55,7 @@ DNSSERVEURS='0.0.0.0/0'
 # HTTP authorizations
 # (you can use DNS names but set cron to reload minifirewall regularly)
 # (if you have HTTP proxy, set 0.0.0.0/0)
-# HTTPSITES='security.debian.org security-cdn.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
+# HTTPSITES='security.debian.org pub.evolix.net security-cdn.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org ocsp.int-x3.letsencrypt.org'
 HTTPSITES='0.0.0.0/0'

 # HTTPS authorizations