Browse Source

minifirewall: change some defaults

Only SSH (22) is open on privilegied IPs
Remove volatile.debian.org domain
pull/124/head
Jérémy Lecour 2 months ago
committed by Jérémy Lecour
parent
commit
5588ed6009
  1. 1
      CHANGELOG.md
  2. 10
      minifirewall/files/minifirewall.conf

1
CHANGELOG.md

@ -18,6 +18,7 @@ The **patch** part changes incrementally at each release.
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
* evoacme: upstream release 21.01
* minifirewall: change some defaults
### Fixed

10
minifirewall/files/minifirewall.conf

@ -30,15 +30,15 @@ PRIVILEGIEDIPS=''
# Protected services
# (add also in Public services if needed)
SERVICESTCP1p='22'
SERVICESTCP1p='22222'
SERVICESUDP1p=''
# Public services (IPv4/IPv6)
SERVICESTCP1='25 53 443 993 995 22222'
SERVICESUDP1='53'
SERVICESTCP1='22222'
SERVICESUDP1=''
# Semi-public services (IPv4)
SERVICESTCP2='20 21 22 80 110 143'
SERVICESTCP2='22'
SERVICESUDP2=''
# Private services (IPv4)
@ -55,7 +55,7 @@ DNSSERVEURS='0.0.0.0/0'
# HTTP authorizations
# (you can use DNS names but set cron to reload minifirewall regularly)
# (if you have HTTP proxy, set 0.0.0.0/0)
# HTTPSITES='security.debian.org security-cdn.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
# HTTPSITES='security.debian.org pub.evolix.net security-cdn.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org ocsp.int-x3.letsencrypt.org'
HTTPSITES='0.0.0.0/0'
# HTTPS authorizations

Loading…
Cancel
Save