Jérémy Dubois
9898ff9e62
Put our IPs back in the TRUSTEDIPS variable
The TRUSTEDIPS variable is the public reference for Evolix IPs
2 months ago
Jérémy Lecour
80307172af
Remove volatile.debian.org from HTTPSITES
This domain doesn't exist anymore.
3 months ago
Jérémy Lecour
7126d70982
Update copyright and add version number
4 months ago
5a907b1ce0
new policy for default ports: we close almost all to be sure that nothing works if we don't configure it
nouvelle politique d'ouverture des ports par défaut : on ferme quasi tout pour que rien ne marche ou presque si on ne configure rien
7 months ago
Jérémy Lecour
ba193f22fa
Change public SSH port from 2222 to 22222
8 months ago
Ludovic Poujol
3bcaee5b58
Merge pull request 'Docker handling' ( #5 ) from docker into master
Reviewed-on: #5
9 months ago
Ludovic Poujol
7c384a777b
Better handling of Docker to match the usual minifirewall behaviour
Revert some changes from 0ec2cb2f4b
9 months ago
Ludovic Poujol
0ec2cb2f4b
Make it compatible with docker
Add a new variable "DOCKER" that should be set to "on" when this is a
docker machine.
It will
- Disable the nat tables flush on stop/restart
Reason : Not breaking outgoing networking for containers
- Create the "DOCKER-USER" chain, and add a DROP
By default everything is closed and we don't expose services to the
outside world
- Add rules in the "DOCKER-USER" chain to open services to the outside
world.
Untested with swarm
1 year ago
Ludovic Poujol
30041b8949
Fix IPV6 var not being defined on stop
1 year ago
Ludovic Poujol
60ca9f67b2
Update project URL in comment
1 year ago
42e18e57fd
Add a Vagrantfile for testing
2 years ago
326547fba3
Fix typo in install doc
2 years ago
e80979e04d
Minifirewall is now under GPLv3 license
2 years ago
6846263daa
Update README.md
2 years ago
Tristan Pilat
979b7e2d03
Add missing variables in SMTPSECUREOK and SMTPOK loops
3 years ago
9ebb5fe748
Add security-cdn.debian.org to HTTPSITES whitelist
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.
3 years ago
Jérémy Lecour
0450c12f5d
Merge branch 'ocsp-letsencrypt'
4 years ago
Jérémy Lecour
afdfc00a67
Add letsencrypt in HTTPSITES
4 years ago
dba28b0679
Remove obsolete srv domain
5 years ago
164d727e8e
Remove obsolete IP addr
5 years ago
Benoît S.
b6a47dea0d
Added quote to $IPV6 variables.
6 years ago
Tristan Pilat
02d6447a10
Fix bug with IPv6.
When IPv6=off don't use ip6tables in stop and reset function.
6 years ago
4864872586
Rename README -> README.md for Redmine / Github
6 years ago
2943a7d58c
Improve output messages
6 years ago
52f177303c
Fix bug in old config detection
6 years ago
4ea10ccc83
Improve configuration file
6 years ago
2f561a6172
Improve descriptions / comments (switch all in english, etc.)
6 years ago
9579cfe991
Fix #1565 . Use now /etc/default/minifirewall for config file!
6 years ago
6bc560b66a
Add default rule for IPv6 DNS responses
6 years ago
Benoît S.
283ff1161f
Added SpamAssassin update repo URLs.
6 years ago
2d2fded0ac
use same syntax for all ip6tables rules
6 years ago
ebbee1ac84
Modify URL to track country ip blocks
6 years ago
Benoît S.
ec0b8ffef5
Added to HTTPSITES zidane and antismap00.
6 years ago
5525ff343f
Adding new IP address for Evolix
6 years ago
d452c16bc6
Duplicate rule
7 years ago
Benoît S.
f3674af0db
Allow Input DNS on IPv6.
Used when a slave respond to a master notification in bind for example.
7 years ago
Benoît S.
5275f8d7e2
Moves rules from firewall.rc to minifirewall core.
7 years ago
57ae4df6e7
Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall
7 years ago
0eda844bba
Add delegated CIDR for AFRINIC and LACNIC.
7 years ago
Benoît S.
705c4683a2
Allow all output on lo interface for IPv6.
7 years ago
Benoît S.
ce1d628516
Adding rules for DHCPv6.
7 years ago
Benoît S.
8ed3c722ce
Adding hwraid.le-vert.net in HTTPSITES
8 years ago
Benoît S.
6c162c516b
Fixing typo in HTTPSITES.
8 years ago
6df7c86ccf
Add http://backports.debian.org by default
8 years ago
7d3d928e02
Improve new UDP rules to DROP by default
9 years ago
Benoît S.
ec14ee9f3e
Last committer removed the IPv4 UDP rules?! Re-adding.
9 years ago
f84add886a
Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall
Conflicts:
firewall.rc
9 years ago
f714700623
Allow SMTP IPv6
9 years ago
7795b715e6
Add rules to open traceroute UDP port.
9 years ago
Benoît S.
b57dddf917
By default allow outgoing packets on loopback. This is needed since the new
policy of dropping all outgoing UDP packets, especially when there is a local
bind.
9 years ago
Jérémy Dubois
Jérémy Lecour
Gregory Colpart
Ludovic Poujol
Tristan Pilat
Benoît S.