Simple and flexible firewall for Linux server
Jérémy Dubois 9898ff9e62 Put our IPs back in the TRUSTEDIPS variable 8 months ago
.gitignore Add a Vagrantfile for testing 2 years ago
LICENSE Minifirewall is now under GPLv3 license 2 years ago
README.md Fix typo in install doc 2 years ago
Vagrantfile Add a Vagrantfile for testing 2 years ago
blacklist-countries.sh Modify URL to track country ip blocks 7 years ago
cron_minifirewall Added an example of cron script to daily reload iptables 11 years ago
minifirewall Update copyright and add version number 10 months ago
minifirewall.conf Put our IPs back in the TRUSTEDIPS variable 8 months ago
ripe.sh Add delegated CIDR for AFRINIC and LACNIC. 7 years ago

README.md

Minifirewall

Minifirewall is a set of shell scripts for easy firewalling on a standalone server. It uses netfilter/iptables (http://netfilter.org/) and is designed for recent Linux kernels. See https://gitea.evolix.org/evolix/minifirewall

Install

install -m 0700 minifirewall /etc/init.d/minifirewall
install -m 0600 minifirewall.conf /etc/default/minifirewall

Config

Edit /etc/default/minifirewall file:

  • If your interface is not eth0, change the INT variable
  • If you don't use IPv6, set IPv6=off
  • Modify the INTLAN variable, probably with your IP/32 or your local network if you trust it
  • Set your trusted and privileged IP addresses in the TRUSTEDIPS and PRIVILEGIEDIPS variables
  • Authorize your +public+ services with the SERVICESTCP1 and SERVICESUDP1 variables
  • Authorize your +semi-public+ services (only for TRUSTEDIPS and PRIVILEGIEDIPS) with the SERVICESTCP2 and SERVICESUDP2 variables
  • Authorize your +private+ services (only for TRUSTEDIPS) with the SERVICESTCP3 and SERVICESUDP3 variables
  • Configure your authorizations for external services: DNS, HTTP, HTTPS, SMTP, SSH, NTP
  • Add your specific rules
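
The three service tiers above can be reviewed as an access matrix before the firewall is restarted. This is an added example, not code from the minifirewall project: it assumes the variables hold space-separated lists and that a port listed in several tiers is governed by the widest one, and all sample values are constructed.

```shell
#!/bin/sh
# Added illustration: audit the three TCP service tiers named in the README.
# Constructed sample values; the space-separated list format is an assumption.
SERVICESTCP1='25 80 443'      # public
SERVICESTCP2='22 443'         # semi-public: TRUSTEDIPS and PRIVILEGIEDIPS
SERVICESTCP3='5666 3306'      # private: TRUSTEDIPS only
TRUSTEDIPS='192.0.2.10 198.51.100.0/24'
PRIVILEGIEDIPS='203.0.113.7'

# in_list ITEM WORD... -> succeeds if ITEM equals one of the words
in_list() {
    item=$1; shift
    for w in "$@"; do [ "$w" = "$item" ] && return 0; done
    return 1
}

# tier_of PORT -> prints the widest tier listing PORT (1, 2, 3) or "none"
tier_of() {
    if in_list "$1" $SERVICESTCP1; then echo 1
    elif in_list "$1" $SERVICESTCP2; then echo 2
    elif in_list "$1" $SERVICESTCP3; then echo 3
    else echo none; fi
}

# sources_for PORT -> prints who may reach PORT under the README's tier model
sources_for() {
    case $(tier_of "$1") in
        1) echo any ;;
        2) echo "$TRUSTEDIPS $PRIVILEGIEDIPS" ;;
        3) echo "$TRUSTEDIPS" ;;
        *) echo nobody ;;
    esac
}

# duplicates -> prints ports listed in more than one tier (usually a mistake)
duplicates() {
    echo $(printf '%s\n' $SERVICESTCP1 $SERVICESTCP2 $SERVICESTCP3 | sort -n | uniq -d)
}

# report -> one line per port with its allowed sources, then any warning
report() {
    for p in $(printf '%s\n' $SERVICESTCP1 $SERVICESTCP2 $SERVICESTCP3 | sort -nu); do
        printf 'tcp/%s\t%s\n' "$p" "$(sources_for "$p")"
    done
    d=$(duplicates); [ -n "$d" ] && echo "WARNING: listed in several tiers: $d"
    return 0
}
report
```

In the sample, port 443 appears in both the public and semi-public lists, so the report flags it: the restriction intended by the second entry has no effect if the public entry applies.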

Usage

/etc/init.d/minifirewall start/stop/restart

If you want to add minifirewall to the boot sequence:

systemctl enable minifirewall

License

This is an Evolix project and is licensed under the GPLv3, see the LICENSE file for details.