Update README.md
parent
979b7e2d03
commit
6846263daa
44
README.md
|
@ -1,11 +1,39 @@
|
||||||
minifirewall is shellscripts for easy firewalling on a standalone server
|
Minifirewall
|
||||||
|
=========
|
||||||
|
|
||||||
|
Minifirewall is shellscripts for easy firewalling on a standalone server
|
||||||
we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel
|
we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel
|
||||||
See https://forge.evolix.org/projects/minifirewall
|
See https://gitea.evolix.org/evolix/minifirewall
|
||||||
|
|
||||||
Usage :
|
## Install
|
||||||
-------
|
|
||||||
|
|
||||||
* download minifirewall and minifirewall.conf
|
~~~
|
||||||
* copy minifirewall.conf in /etc (for Debian, use /etc/default/minifirewall)
|
install -m 0700 /etc/init.d/minifirewall
|
||||||
and configure it
|
install -m 0600 minifirewall.conf /etc/default/minifirewall
|
||||||
* start / stop with : minifirewall start / minifirewall stop
|
~~~
|
||||||
|
|
||||||
|
## Config
|
||||||
|
|
||||||
|
Edit /etc/default/minifirewall file:
|
||||||
|
|
||||||
|
* If your interface is not _eth0_, change *INT* variable
|
||||||
|
* If you don't IPv6 : *IPv6=off*
|
||||||
|
* Modify *INTLAN* variable, probably with your *IP/32* or your local network if you trust it
|
||||||
|
* Set your trusted and privilegied IP addresses in *TRUSTEDIPS* and *PRIVILEGIEDIPS* variables
|
||||||
|
* Authorize your +public+ services with *SERVICESTCP1* and *SERVICESUDP1* variables
|
||||||
|
* Authorize your +semi-public+ services (only for *TRUSTEDIPS* and *PRIVILEGIEDIPS* ) with *SERVICESTCP2* and *SERVICESUDP2* variables
|
||||||
|
* Authorize your +private+ services (only for *TRUSTEDIPS* ) with *SERVICESTCP3* and *SERVICESUDP3* variables
|
||||||
|
* Configure your authorizations for external services : DNS, HTTP, HTTPS, SMTP, SSH, NTP
|
||||||
|
* Add your specific rules
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
~~~
|
||||||
|
/etc/init.d/minifirewall start/stop/restart
|
||||||
|
~~~
|
||||||
|
|
||||||
|
If you want to add minifirewall in boot sequence:
|
||||||
|
|
||||||
|
~~~
|
||||||
|
systemctl enable minifirewall
|
||||||
|
~~~
|
||||||
|
|
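Review bot: In the new Install block, `install -m 0700 /etc/init.d/minifirewall` has a single operand, so install(1) stops with a missing destination error and the init script is never put in place. Name the source file the same way the next line does for the config, e.g. `install -m 0700 minifirewall /etc/init.d/minifirewall`. The rewrite also drops the old "download minifirewall and minifirewall.conf" step, so the README no longer says where the two files come from; a short clone or download line before the install commands would restore that. In the Config list, "If you don't IPv6" is missing a verb ("If you don't use IPv6"), and `+public+`, `+semi-public+` and `+private+` are not Markdown emphasis, so they will render with literal plus signs in README.md.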