improve docs and merge 45f04e
parent c36be1c9c9
commit 0041789d5e
34 README.md
@ -8,35 +8,41 @@ See https://gitea.evolix.org/evolix/minifirewall
## Install

~~~
install -m 0700 minifirewall /etc/init.d/minifirewall
install -m 0600 minifirewall.conf /etc/default/minifirewall
install --mode 0700 minifirewall /etc/init.d/minifirewall
install --mode 0600 minifirewall.conf /etc/default/minifirewall
mkdir --mode 0700 /etc/minifirewall.d
~~~

## Config

Edit /etc/default/minifirewall file:

* If your interface is not _eth0_, change *INT* variable
* If you don't IPv6 : *IPv6=off*
* Modify *INTLAN* variable, probably with your *IP/32* or your local network if you trust it
* Set your trusted and privilegied IP addresses in *TRUSTEDIPS* and *PRIVILEGIEDIPS* variables
* Authorize your +public+ services with *SERVICESTCP1* and *SERVICESUDP1* variables
* Authorize your +semi-public+ services (only for *TRUSTEDIPS* and *PRIVILEGIEDIPS* ) with *SERVICESTCP2* and *SERVICESUDP2* variables
* Authorize your +private+ services (only for *TRUSTEDIPS* ) with *SERVICESTCP3* and *SERVICESUDP3* variables
* If your interface is not `eth0`, change `INT` variable
* If you don't use IPv6, set `IPv6='off'`
* Modify `INTLAN` variable, probably with your `<IP>/32` or your local network if you trust it
* Set your trusted and privilegied IP addresses in `TRUSTEDIPS` and `PRIVILEGIEDIPS` variables
* Authorize your **public** services with `SERVICESTCP1` and `SERVICESUDP1` variables
* Authorize your **semi-public** services (only for `TRUSTEDIPS` and `PRIVILEGIEDIPS` ) with `SERVICESTCP2` and `SERVICESUDP2` variables
* Authorize your **private** services (only for `TRUSTEDIPS` ) with `SERVICESTCP3` and `SERVICESUDP3` variables
* Configure your authorizations for external services : DNS, HTTP, HTTPS, SMTP, SSH, NTP
* Add your specific rules

### Docker

To use minifirewall with Docker you need to change the variable `DOCKER='on'`
Then, authorisation for public/semi-public/private ports will also work for dockerized services


**WARNING** : When the port mapping on the host is different than in the container (ie: listen on :8090 on the host, but the service in the container listen on :8080)
you need to use the port used by the container (ie: 8080) in the public/semi-public/private port list

## Usage

~~~
/etc/init.d/minifirewall start/stop/restart
~~~

If you want to add minifirewall in boot sequence:

~~~
systemctl enable minifirewall
~~~
If you want to add minifirewall in boot sequence, add the start command to `/usr/share/scripts/alert5`.

## License

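Review bot: the Usage section ends up with two conflicting boot-sequence instructions, the fenced block that says `systemctl enable minifirewall` and the sentence that says to add the start command to `/usr/share/scripts/alert5`. If the alert5 sentence is meant to replace the systemctl block, drop the old block together with its `~~~` fence in this same change; if both are meant to stay, say which init setup each one applies to, otherwise a reader following only one of them cannot tell whether the firewall will actually come up at boot. Two smaller points in the same hunk: the rewritten bullets keep the spelling "privilegied" (the variable name `PRIVILEGIEDIPS` has to stay as it is, but the prose should read "privileged"), and the Docker paragraph says "authorisation" where the bullets just above say "Authorize"; pick one spelling.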
@ -1,5 +1,5 @@
# Configuration for minifirewall : https://gitea.evolix.org/evolix/minifirewall
# Version 21.12 — 2021-12-06
# Version 22.3 — 2022-03-15
# shellcheck shell=sh disable=SC2034

# Main interface
@ -11,7 +11,11 @@ IPV6='on'
# Docker Mode
# Changes the behaviour of minifirewall to not break the containers' network
# For instance, turning it on will disable nat table purge
# Also, we'll add the DOCKER-USER chain, in iptable
# Also, we'll add the DOCKER-USER chain, in iptables
#
# WARNING : If the port mapping is different between the host and the container
# (ie: Listen on :8090 on host, but :8080 in container)
# then you need to give the port used inside the container
DOCKER='off'

# Trusted local network
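Review bot: the new WARNING block tells the reader to "give the port used inside the container" but not where that port goes; name the lists it belongs in (the `SERVICESTCP1`/`SERVICESTCP2`/`SERVICESTCP3` and `SERVICESUDP1`/`SERVICESUDP2`/`SERVICESUDP3` variables, as the README's Docker section already puts it) so the comment is actionable without opening the README. While here, the "disable nat table purge" line would be clearer if it spelled out the consequence for the operator, namely that existing nat rules are left in place when minifirewall is restarted with `DOCKER='on'`, and "ie:" on the example line should read "i.e.". The `iptable` to `iptables` fix in this hunk is correct.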