From 6846263daa3f2ffb08389a18a4d9cf04cc5d4bba Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 4 Jun 2019 16:48:27 +0200 Subject: [PATCH] Update README.md --- README.md | 44 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 317095a..86db817 100644 --- a/README.md +++ b/README.md 
@@ -1,11 +1,39 @@ -minifirewall is shellscripts for easy firewalling on a standalone server +Minifirewall +========= + +Minifirewall is shellscripts for easy firewalling on a standalone server we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel -See https://forge.evolix.org/projects/minifirewall +See https://gitea.evolix.org/evolix/minifirewall -Usage : -------- +## Install -* download minifirewall and minifirewall.conf -* copy minifirewall.conf in /etc (for Debian, use /etc/default/minifirewall) - and configure it -* start / stop with : minifirewall start / minifirewall stop +~~~ +install -m 0700 /etc/init.d/minifirewall +install -m 0600 minifirewall.conf /etc/default/minifirewall +~~~ + +## Config + +Edit /etc/default/minifirewall file: + +* If your interface is not _eth0_, change *INT* variable +* If you don't IPv6 : *IPv6=off* +* Modify *INTLAN* variable, probably with your *IP/32* or your local network if you trust it +* Set your trusted and privilegied IP addresses in *TRUSTEDIPS* and *PRIVILEGIEDIPS* variables +* Authorize your +public+ services with *SERVICESTCP1* and *SERVICESUDP1* variables +* Authorize your +semi-public+ services (only for *TRUSTEDIPS* and *PRIVILEGIEDIPS* ) with *SERVICESTCP2* and *SERVICESUDP2* variables +* Authorize your +private+ services (only for *TRUSTEDIPS* ) with *SERVICESTCP3* and *SERVICESUDP3* variables +* Configure your authorizations for external services : DNS, HTTP, HTTPS, SMTP, SSH, NTP +* Add your specific rules + +## Usage + +~~~ +/etc/init.d/minifirewall start/stop/restart +~~~ + +If you want to add minifirewall in boot sequence: + +~~~ +systemctl enable minifirewall +~~~
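Review bot: The first command in the new Install block, `install -m 0700 /etc/init.d/minifirewall`, has a destination but no source operand, so it fails as written when copied from the README. Going by the second command and the removed "download minifirewall and minifirewall.conf" step, it presumably should read `install -m 0700 minifirewall /etc/init.d/minifirewall`. In the Config list, "If you don't IPv6" is missing its verb ("don't use IPv6"), and the `+public+`, `+semi-public+` and `+private+` markers are not Markdown emphasis, so they will render as literal plus signs; use `_public_` or `*public*` to match the rest of the list. The old text also said /etc/default/minifirewall was the Debian location and /etc the default elsewhere; the new Install section drops that distinction, so either say the instructions are Debian-specific or keep the alternative path.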