evolix
/
minifirewall
16
0
Fork 0
Code Issues 2 Pull Requests 3 Releases Activity
Simple and flexible firewall for Linux server
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
176 Commits
9 Branches
0 Tags
231 KiB
Shell 100%
 
master
split-init
includes
nftables
docker
ipset-denylist
dev
debian-sid
systemd
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
Jérémy Lecour 695da7140a Release 23.02 2 months ago
tests Add test configurations in tests directory 1 year ago
.gitignore Add a Vagrantfile for testing 4 years ago
CHANGELOG.md Release 23.02 2 months ago
LICENSE Minifirewall is now under GPLv3 license 4 years ago
README.md Merge branch 'master' into includes 1 year ago
Vagrantfile Add a Vagrantfile for testing 4 years ago
blacklist-countries.sh Modify URL to track country ip blocks 8 years ago
cron_minifirewall Added an example of cron script to daily reload iptables 12 years ago
minifirewall Release 23.02 2 months ago
minifirewall.conf Release 22.03.1 1 year ago
ripe.sh Add delegated CIDR for AFRINIC and LACNIC. 9 years ago

README.md

Minifirewall

Minifirewall is shellscripts for easy firewalling on a standalone server we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel See https://gitea.evolix.org/evolix/minifirewall

Install

install --mode 0700 minifirewall /etc/init.d/minifirewall
install --mode 0600 minifirewall.conf /etc/default/minifirewall
mkdir --mode 0700 /etc/minifirewall.d

Config

Edit /etc/default/minifirewall file:

  • If your interface is not eth0, change INT variable
  • If you don't use IPv6, set IPv6='off'
  • Modify INTLAN variable, probably with your <IP>/32 or your local network if you trust it
  • Set your trusted and privilegied IP addresses in TRUSTEDIPS and PRIVILEGIEDIPS variables
  • Authorize your public services with SERVICESTCP1 and SERVICESUDP1 variables
  • Authorize your semi-public services (only for TRUSTEDIPS and PRIVILEGIEDIPS ) with SERVICESTCP2 and SERVICESUDP2 variables
  • Authorize your private services (only for TRUSTEDIPS ) with SERVICESTCP3 and SERVICESUDP3 variables
  • Configure your authorizations for external services : DNS, HTTP, HTTPS, SMTP, SSH, NTP
  • Add your specific rules

Docker

To use minifirewall with Docker you need to change the variable DOCKER='on' Then, authorisation for public/semi-public/private ports will also work for dockerized services

WARNING : When the port mapping on the host is different than in the container (ie: listen on :8090 on the host, but the service in the container listen on :8080) you need to use the port used by the container (ie: 8080) in the public/semi-public/private port list

Usage

/etc/init.d/minifirewall start/stop/restart

If you want to add minifirewall in boot sequence, add the start command to /usr/share/scripts/alert5.

License

This is an Evolix project and is licensed under the GPLv3, see the LICENSE file for details.