minifirewall/README.md

Minifirewall
=========

Minifirewall is shellscripts for easy firewalling on a standalone server
we used nftables https://wiki.nftables.org/ designed for recent Linux kernel
See https://gitea.evolix.org/evolix/minifirewall

## Install

~~~
install -m 0700 minifirewall.service /etc/systemd/system/minifirewall.service
install -m 0700 minifirewall-start.sh /usr/local/sbin/minifirewall-start.sh
install -m 0700 minifirewall-stop.sh /usr/local/sbin/minifirewall-stop.sh
install -m 0600 minifirewall.conf /etc/default/minifirewall
~~~

## Config

Edit /etc/default/minifirewall file:

* If your interface is not _eth0_, change *INT* variable
* Modify *INTLAN* variable, probably with your *IP/32* or your local network if you trust it
* Set your trusted and privilegied IP addresses in *TRUSTEDIPS* and *PRIVILEGIEDIPS* variables
* Authorize your +public+ services with *SERVICESTCP1* and *SERVICESUDP1* variables
* Authorize your +semi-public+ services (only for *TRUSTEDIPS* and *PRIVILEGIEDIPS* ) with *SERVICESTCP2* and *SERVICESUDP2* variables
* Authorize your +private+ services (only for *TRUSTEDIPS* ) with *SERVICESTCP3* and *SERVICESUDP3* variables
* Configure your authorizations for external services : DNS, HTTP, HTTPS, SMTP, SSH, NTP

## Usage

~~~
systemctl start/stop/restart minifirewall.service
~~~

If you want to add minifirewall in boot sequence:

~~~
systemctl enable minifirewall
~~~

## License

This is an [Evolix](https://evolix.com) project and is licensed
under the GPLv3, see the [LICENSE](LICENSE) file for details.
Update README.md 2019-06-04 16:48:27 +02:00			`Minifirewall`
			`=========`

			`Minifirewall is shellscripts for easy firewalling on a standalone server`
First nftables version of minifirewall 2020-08-24 16:59:15 +02:00			`we used nftables https://wiki.nftables.org/ designed for recent Linux kernel`
Update README.md 2019-06-04 16:48:27 +02:00			`See https://gitea.evolix.org/evolix/minifirewall`

			`## Install`

			`~~~`
First nftables version of minifirewall 2020-08-24 16:59:15 +02:00			`install -m 0700 minifirewall.service /etc/systemd/system/minifirewall.service`
			`install -m 0700 minifirewall-start.sh /usr/local/sbin/minifirewall-start.sh`
			`install -m 0700 minifirewall-stop.sh /usr/local/sbin/minifirewall-stop.sh`
Update README.md 2019-06-04 16:48:27 +02:00			`install -m 0600 minifirewall.conf /etc/default/minifirewall`
			`~~~`

			`## Config`

			`Edit /etc/default/minifirewall file:`

			`* If your interface is not _eth0_, change INT variable`
			`* Modify INTLAN variable, probably with your IP/32 or your local network if you trust it`
			`* Set your trusted and privilegied IP addresses in TRUSTEDIPS and PRIVILEGIEDIPS variables`
			`* Authorize your +public+ services with SERVICESTCP1 and SERVICESUDP1 variables`
			`* Authorize your +semi-public+ services (only for TRUSTEDIPS and PRIVILEGIEDIPS ) with SERVICESTCP2 and SERVICESUDP2 variables`
			`* Authorize your +private+ services (only for TRUSTEDIPS ) with SERVICESTCP3 and SERVICESUDP3 variables`
			`* Configure your authorizations for external services : DNS, HTTP, HTTPS, SMTP, SSH, NTP`

			`## Usage`

			`~~~`
First nftables version of minifirewall 2020-08-24 16:59:15 +02:00			`systemctl start/stop/restart minifirewall.service`
Update README.md 2019-06-04 16:48:27 +02:00			`~~~`
Improve descriptions / comments (switch all in english, etc.) 2015-09-13 18:37:53 +02:00
Update README.md 2019-06-04 16:48:27 +02:00			`If you want to add minifirewall in boot sequence:`
Improve descriptions / comments (switch all in english, etc.) 2015-09-13 18:37:53 +02:00
Update README.md 2019-06-04 16:48:27 +02:00			`~~~`
			`systemctl enable minifirewall`
			`~~~`
Minifirewall is now under GPLv3 license 2019-06-04 16:53:34 +02:00
			`## License`

			`This is an [Evolix](https://evolix.com) project and is licensed`
			`under the GPLv3, see the [LICENSE](LICENSE) file for details.`