Jérémy Lecour
80307172af
Remove volatile.debian.org from HTTPSITES
This domain doesn't exist anymore.
1 week ago
Jérémy Lecour
7126d70982
Update copyright and add version number
1 month ago
Gregory Colpart
5a907b1ce0
new policy for default ports: we close almost all to be sure that nothing works if we don't configure it
new default port opening policy: we close almost everything so that nothing, or almost nothing, works if nothing is configured
4 months ago
Jérémy Lecour
ba193f22fa
Change public SSH port from 2222 to 22222
5 months ago
Ludovic Poujol
3bcaee5b58
Merge pull request 'Docker handling' (#5) from docker into master
Reviewed-on: #5
6 months ago
Ludovic Poujol
7c384a777b
Better handling of Docker to match the usual minifirewall behaviour
Revert some changes from 0ec2cb2f4b
like the SERVICESTCP4 SERVICESUDP4
Instead, we'll re-create the usual behaviour of public, privileged and
trusted ports for docker when the variable DOCKER is set to "on"
6 months ago
Ludovic Poujol
0ec2cb2f4b
Make it compatible with docker
Add a new variable "DOCKER" that should be set to "on" when this is a
docker machine.
It will
- Disable the nat tables flush on stop/restart
  Reason: Not breaking outgoing networking for containers
- Create the "DOCKER-USER" chain, and add a DROP
  By default everything is closed and we don't expose services to the
  outside world
- Add rules in the "DOCKER-USER" chain to open services to the outside
  world.
Untested with swarm
11 months ago
Ludovic Poujol
30041b8949
Fix IPV6 var not being defined on stop
11 months ago
Ludovic Poujol
60ca9f67b2
Update project URL in comment
11 months ago
Victor LABORIE
42e18e57fd
Add a Vagrantfile for testing
1 year ago
Victor LABORIE
326547fba3
Fix typo in install doc
1 year ago
Victor LABORIE
e80979e04d
Minifirewall is now under GPLv3 license
1 year ago
Victor LABORIE
6846263daa
Update README.md
1 year ago
Tristan Pilat
979b7e2d03
Add missing variables in SMTPSECUREOK and SMTPOK loops
2 years ago
Romain Dessort
9ebb5fe748
Add security-cdn.debian.org to HTTPSITES whitelist
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.
3 years ago
Jérémy Lecour
0450c12f5d
Merge branch 'ocsp-letsencrypt'
3 years ago
Jérémy Lecour
afdfc00a67
Add letsencrypt in HTTPSITES
3 years ago
Victor LABORIE
dba28b0679
Remove obsolete srv domain
4 years ago
Gregory Colpart
164d727e8e
Remove obsolete IP addr
5 years ago
Benoît S.
b6a47dea0d
Added quote to $IPV6 variables.
5 years ago
Tristan Pilat
02d6447a10
Fix bug with IPv6.
When IPv6=off don't use ip6tables in stop and reset function.
5 years ago
Gregory Colpart
4864872586
Rename README -> README.md for Redmine / Github
5 years ago
Gregory Colpart
2943a7d58c
Improve output messages
5 years ago
Gregory Colpart
52f177303c
Fix bug in old config detection
5 years ago
Gregory Colpart
4ea10ccc83
Improve configuration file
5 years ago
Gregory Colpart
2f561a6172
Improve descriptions / comments (switch all in english, etc.)
5 years ago
Gregory Colpart
9579cfe991
Fix #1565. Use now /etc/default/minifirewall for config file!
5 years ago
Gregory Colpart
6bc560b66a
Add default rule for IPv6 DNS responses
5 years ago
Benoît S.
283ff1161f
Added SpamAssassin update repo URLs.
6 years ago
Gregory Colpart
2d2fded0ac
use same syntax for all ip6tables rules
6 years ago
Gregory Colpart
ebbee1ac84
Modify URL to track country ip blocks
6 years ago
Benoît S.
ec0b8ffef5
Added to HTTPSITES zidane and antismap00.
6 years ago
Arnaud Tomeï
5525ff343f
Adding new IP address for Evolix
6 years ago
Gregory Colpart
d452c16bc6
Duplicate rule
6 years ago
Benoît S.
f3674af0db
Allow Input DNS on IPv6.
Used when a slave responds to a master notification in bind, for example.
6 years ago
Benoît S.
5275f8d7e2
Moves rules from firewall.rc to minifirewall core.
6 years ago
Romain Dessort
57ae4df6e7
Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall
6 years ago
Romain Dessort
0eda844bba
Add delegated CIDR for AFRINIC and LACNIC.
6 years ago
Benoît S.
705c4683a2
Allow all output on lo interface for IPv6.
6 years ago
Benoît S.
ce1d628516
Adding rules for DHCPv6.
7 years ago
Benoît S.
8ed3c722ce
Adding hwraid.le-vert.net in HTTPSITES
7 years ago
Benoît S.
6c162c516b
Fixing typo in HTTPSITES.
7 years ago
Gregory Colpart
6df7c86ccf
Add http://backports.debian.org by default
7 years ago
Gregory Colpart
7d3d928e02
Improve new UDP rules to DROP by default
8 years ago
Benoît S.
ec14ee9f3e
Last committer removed the IPv4 UDP rules?! Re-adding.
8 years ago
Gregory Colpart
f84add886a
Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall
Conflicts:
firewall.rc
8 years ago
Gregory Colpart
f714700623
Allow SMTP IPv6
8 years ago
Romain Dessort
7795b715e6
Add rules to open traceroute UDP port.
8 years ago
Benoît S.
b57dddf917
By default allow outgoing packets on loopback. This is needed since the new
policy of dropping all outgoing UDP packets, especially when there is a local
bind.
8 years ago
Benoît S.
44bb5925eb
Amelioration added for blocking output UDP.
8 years ago