minifirewall: change some defaults

Only SSH (22) is open on privilegied IPs
Remove volatile.debian.org domain
This commit is contained in:
Jérémy Lecour 2021-02-04 10:55:26 +01:00 committed by Jérémy Lecour
parent 6c84ada361
commit 5588ed6009
2 changed files with 6 additions and 5 deletions

View File

@ -18,6 +18,7 @@ The **patch** part changes incrementally at each release.
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto") * certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
* evoacme: upstream release 21.01 * evoacme: upstream release 21.01
* minifirewall: change some defaults
### Fixed ### Fixed

View File

@ -30,15 +30,15 @@ PRIVILEGIEDIPS=''
# Protected services # Protected services
# (add also in Public services if needed) # (add also in Public services if needed)
SERVICESTCP1p='22' SERVICESTCP1p='22222'
SERVICESUDP1p='' SERVICESUDP1p=''
# Public services (IPv4/IPv6) # Public services (IPv4/IPv6)
SERVICESTCP1='25 53 443 993 995 22222' SERVICESTCP1='22222'
SERVICESUDP1='53' SERVICESUDP1=''
# Semi-public services (IPv4) # Semi-public services (IPv4)
SERVICESTCP2='20 21 22 80 110 143' SERVICESTCP2='22'
SERVICESUDP2='' SERVICESUDP2=''
# Private services (IPv4) # Private services (IPv4)
@ -55,7 +55,7 @@ DNSSERVEURS='0.0.0.0/0'
# HTTP authorizations # HTTP authorizations
# (you can use DNS names but set cron to reload minifirewall regularly) # (you can use DNS names but set cron to reload minifirewall regularly)
# (if you have HTTP proxy, set 0.0.0.0/0) # (if you have HTTP proxy, set 0.0.0.0/0)
# HTTPSITES='security.debian.org security-cdn.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org' # HTTPSITES='security.debian.org pub.evolix.net security-cdn.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org ocsp.int-x3.letsencrypt.org'
HTTPSITES='0.0.0.0/0' HTTPSITES='0.0.0.0/0'
# HTTPS authorizations # HTTPS authorizations