minifirewall: change some defaults
Only SSH (22) is open on privilegied IPs Remove volatile.debian.org domain
This commit is contained in:
parent
6c84ada361
commit
5588ed6009
|
@ -18,6 +18,7 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
|
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
|
||||||
* evoacme: upstream release 21.01
|
* evoacme: upstream release 21.01
|
||||||
|
* minifirewall: change some defaults
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
|
|
@ -30,15 +30,15 @@ PRIVILEGIEDIPS=''
|
||||||
|
|
||||||
# Protected services
|
# Protected services
|
||||||
# (add also in Public services if needed)
|
# (add also in Public services if needed)
|
||||||
SERVICESTCP1p='22'
|
SERVICESTCP1p='22222'
|
||||||
SERVICESUDP1p=''
|
SERVICESUDP1p=''
|
||||||
|
|
||||||
# Public services (IPv4/IPv6)
|
# Public services (IPv4/IPv6)
|
||||||
SERVICESTCP1='25 53 443 993 995 22222'
|
SERVICESTCP1='22222'
|
||||||
SERVICESUDP1='53'
|
SERVICESUDP1=''
|
||||||
|
|
||||||
# Semi-public services (IPv4)
|
# Semi-public services (IPv4)
|
||||||
SERVICESTCP2='20 21 22 80 110 143'
|
SERVICESTCP2='22'
|
||||||
SERVICESUDP2=''
|
SERVICESUDP2=''
|
||||||
|
|
||||||
# Private services (IPv4)
|
# Private services (IPv4)
|
||||||
|
@ -55,7 +55,7 @@ DNSSERVEURS='0.0.0.0/0'
|
||||||
# HTTP authorizations
|
# HTTP authorizations
|
||||||
# (you can use DNS names but set cron to reload minifirewall regularly)
|
# (you can use DNS names but set cron to reload minifirewall regularly)
|
||||||
# (if you have HTTP proxy, set 0.0.0.0/0)
|
# (if you have HTTP proxy, set 0.0.0.0/0)
|
||||||
# HTTPSITES='security.debian.org security-cdn.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
|
# HTTPSITES='security.debian.org pub.evolix.net security-cdn.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org ocsp.int-x3.letsencrypt.org'
|
||||||
HTTPSITES='0.0.0.0/0'
|
HTTPSITES='0.0.0.0/0'
|
||||||
|
|
||||||
# HTTPS authorizations
|
# HTTPS authorizations
|
||||||
|
|
Loading…
Reference in New Issue