Release 22.05 #155
|
@ -18,7 +18,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
* evolinux-base: backup-server-state release 22.03.5
|
* evolinux-base: backup-server-state release 22.03.5
|
||||||
* evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
|
* evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
|
||||||
* generate-ldif: Add services check for bkctld
|
* generate-ldif: Add services check for bkctld
|
||||||
* minifirewall: upstream release 22.03.3 and use includes directory
|
* minifirewall: upstream release 22.03.4
|
||||||
* openvpn: use a subnet topology instead of the net30 default topology
|
* openvpn: use a subnet topology instead of the net30 default topology
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
|
@ -28,7 +28,7 @@
|
||||||
# Description: Firewall designed for standalone server
|
# Description: Firewall designed for standalone server
|
||||||
### END INIT INFO
|
### END INIT INFO
|
||||||
|
|
||||||
VERSION="22.03.3"
|
VERSION="22.03.4"
|
||||||
|
|
||||||
NAME="minifirewall"
|
NAME="minifirewall"
|
||||||
# shellcheck disable=SC2034
|
# shellcheck disable=SC2034
|
||||||
|
@ -97,6 +97,21 @@ BACKUPSERVERS=''
|
||||||
|
|
||||||
LEGACY_CONFIG='off'
|
LEGACY_CONFIG='off'
|
||||||
|
|
||||||
|
## pseudo dry-run :
|
||||||
|
## Uncomment and call these functions instead of the real iptables and ip6tables commands
|
||||||
|
# IPT="fake_iptables"
|
||||||
|
# IPT6="fake_ip6tables"
|
||||||
|
# fake_iptables() {
|
||||||
|
# printf "DRY-RUN iptables %s\n" "$*"
|
||||||
|
# }
|
||||||
|
# fake_ip6tables() {
|
||||||
|
# printf "DRY-RUN ip6tables %s\n" "$*"
|
||||||
|
# }
|
||||||
|
## Beware that commands executed from included files are not modified by this trick.
|
||||||
|
|
||||||
|
sort_values() {
|
||||||
|
echo "$*" | tr ' ' '\n' | sort -h
|
||||||
|
}
|
||||||
is_ipv6_enabled() {
|
is_ipv6_enabled() {
|
||||||
test "${IPV6}" != "off"
|
test "${IPV6}" != "off"
|
||||||
}
|
}
|
||||||
|
@ -303,6 +318,31 @@ start() {
|
||||||
# * from configuration directory (/etc/minifirewall.d/*)
|
# * from configuration directory (/etc/minifirewall.d/*)
|
||||||
source_includes
|
source_includes
|
||||||
|
|
||||||
|
# IP/ports lists are sorted to have consistent ordering
|
||||||
|
# You can disable this feature by simply commenting the following lines
|
||||||
|
LOOPBACK=$(sort_values ${LOOPBACK})
|
||||||
|
INTLAN=$(sort_values ${INTLAN})
|
||||||
|
TRUSTEDIPS=$(sort_values ${TRUSTEDIPS})
|
||||||
|
PRIVILEGIEDIPS=$(sort_values ${PRIVILEGIEDIPS})
|
||||||
|
SERVICESTCP1p=$(sort_values ${SERVICESTCP1p})
|
||||||
|
SERVICESUDP1p=$(sort_values ${SERVICESUDP1p})
|
||||||
|
SERVICESTCP1=$(sort_values ${SERVICESTCP1})
|
||||||
|
SERVICESUDP1=$(sort_values ${SERVICESUDP1})
|
||||||
|
SERVICESTCP2=$(sort_values ${SERVICESTCP2})
|
||||||
|
SERVICESUDP2=$(sort_values ${SERVICESUDP2})
|
||||||
|
SERVICESTCP3=$(sort_values ${SERVICESTCP3})
|
||||||
|
SERVICESUDP3=$(sort_values ${SERVICESUDP3})
|
||||||
|
DNSSERVEURS=$(sort_values ${DNSSERVEURS})
|
||||||
|
HTTPSITES=$(sort_values ${HTTPSITES})
|
||||||
|
HTTPSSITES=$(sort_values ${HTTPSSITES})
|
||||||
|
FTPSITES=$(sort_values ${FTPSITES})
|
||||||
|
SSHOK=$(sort_values ${SSHOK})
|
||||||
|
SMTPOK=$(sort_values ${SMTPOK})
|
||||||
|
SMTPSECUREOK=$(sort_values ${SMTPSECUREOK})
|
||||||
|
NTPOK=$(sort_values ${NTPOK})
|
||||||
|
PROXYBYPASS=$(sort_values ${PROXYBYPASS})
|
||||||
|
BACKUPSERVERS=$(sort_values ${BACKUPSERVERS})
|
||||||
|
|
||||||
# Trusted ip addresses
|
# Trusted ip addresses
|
||||||
${IPT} -N ONLYTRUSTED
|
${IPT} -N ONLYTRUSTED
|
||||||
${IPT} -A ONLYTRUSTED -j LOG_DROP
|
${IPT} -A ONLYTRUSTED -j LOG_DROP
|
||||||
|
|
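Review bot: The sorting block added to `start()` passes every list unquoted (`TRUSTEDIPS=$(sort_values ${TRUSTEDIPS})` and the assignments around it), so each value goes through pathname expansion before it is sorted, and an entry containing `*`, `?` or `[` could be rewritten into file names from the working directory before it reaches a rule. Bracketing the block with `set -f` and `set +f` would keep the values literal. In `sort_values`, `sort -h` follows the active locale, so the "consistent ordering" the comment promises can differ between hosts; `printf '%s\n' "$@" | LC_ALL=C sort -h` pins the order and also avoids `echo` interpreting a leading `-n` or `-e`. The lists come back newline-separated rather than space-separated, which is only safe if every later use relies on default word splitting; that is worth confirming, since the body of `start()` continues outside the hunk. A short comment above the block stating that rule order within each list is not significant would help reviewers of the firewall config.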