The default OS websites would override all the default http sites.
I removed those default http sites from the file and put them in
the minifirewall_http_sites list. Since this would override the
list anyway, it doesnt change much, except that someone who doesnt
want to use the OS default websites should also override the related
variables (minifirewall_default_*_http_sites)
fixes#65
Ubuntu and Debian do not use the same apt sources. I created two
new default variables (minifirewall_default_xxx_http_sites) that
contain a list of the sites required for apt to work. I then removed
the debian sites from the default file and added two new tasks to
prepend the contents of these variables to HTTPSITES.
fixes#65
minifirewall_status returns "started" on stdout and exit code 0,
or "stopped" on stdout and exit code 1. The state of minifirewall
is determined by looking for common iptables rules applied by
minifirewall.
check_minifirewall is an NRPE plugin for minifirewall. It returns:
* 0 (OK) if the firewall state is consistent with its configuration
(from the alert5 script)
* 1 (WARNING) if the firewall is started but alert5 is not configured
properly
* 2 (CRITICAL) if the firewall is not running but it should be.
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.