evolix/minifirewall
21
0
Fork 0
Code Issues 4 Pull requests 3 Releases 1 Activity
195 commits 9 branches 1 tag 248 KiB
Commit graph

39 commits

Author SHA1 Message Date
Jérémy Lecour 2bdcf01882
add IPv6 for secondary office network 2023-07-07 10:26:35 +02:00
Jérémy Lecour 5eb3129e47
fix monitoring IPv6 2023-07-07 10:25:42 +02:00
Jérémy Lecour 10825a80ff
Release 23.07 2023-07-04 11:41:19 +02:00
Gregory Colpart 8271602a30 remove deprecated IP 2023-06-13 15:58:35 +02:00
Jérémy Lecour 25893ee66b Release 22.03.1 2022-03-15 18:57:30 +01:00
Jérémy Lecour e269e86341 remove comments 2022-03-15 18:55:13 +01:00
Jérémy Lecour 6e6a2d9a82 Release 22.03 2022-03-15 16:37:20 +01:00
Jérémy Lecour aada44e1f2 Merge branch 'master' into includes 2022-03-15 16:32:08 +01:00
Jérémy Lecour 0041789d5e improve docs and merge 45f04e 2022-03-15 16:27:26 +01:00
Jérémy Lecour c36be1c9c9 Add variables and documentation for sysctl variables (fixes #7) 2022-03-15 16:27:26 +01:00
Jérémy Dubois ba12a45d8a Revert "Apply policy of IPv4 to IPv6" 
This reverts commit f52971a173
which was a mistake : theses rules match a return packet
incoming on the server, not a new one.
 2022-01-27 10:15:45 +01:00
Jérémy Dubois f52971a173 Apply policy of IPv4 to IPv6 
We close almost all to be sure that nothing works if we don't configure it
 2022-01-24 11:09:36 +01:00
Ludovic Poujol 45f04e322a Add warning on port opening for docker 2022-01-12 12:04:56 +01:00
Jérémy Lecour e7aaefef9a Release 21.12 2021-12-06 17:32:21 +01:00
Jérémy Lecour 3b4ffec174 Document helper functions that are accessible inincluded files 2021-09-14 12:47:32 +02:00
Jérémy Lecour cfa1c20332 Add IPv6 support on many macros 2021-09-14 11:05:59 +02:00
Ludovic Poujol 79c1790564 WIP - IPv6 Handleing for output authorisation 2021-09-14 09:12:08 +02:00
Jérémy Lecour ad024bac8f valeur de IPV6 avec simples quotes 2021-06-04 14:08:04 +02:00
Jérémy Lecour aa67894438 Ouverture totale de HTTPSITES par défaut 2021-06-04 14:07:21 +02:00
Jérémy Lecour 9ae2a03955 proxy: simplification de la boucle 2021-06-04 14:06:37 +02:00
Jérémy Lecour f87bbe5442 add macro for proxy 2021-05-26 13:20:12 +02:00
Jérémy Lecour 0f93e8e75e fixup! store includes in /etc/minifirewall.d 2021-05-26 13:13:26 +02:00
Jérémy Lecour 275a4c5bab Add macro for backup servers 2021-05-26 13:12:56 +02:00
Jérémy Lecour 800448ff97 update verison 2021-05-22 23:22:31 +02:00
Jérémy Lecour c48534146a Source files in /etc/default/minifirewall.d 2021-05-22 09:11:49 +02:00
Jérémy Dubois 9898ff9e62 Put our IPs back in the TRUSTEDIPS variable 
The TRUSTEDIPS variable is the public reference for Evolix IPs
 2021-02-05 15:28:07 +01:00
Jérémy Lecour 80307172af Remove volatile.debian.org from HTTPSITES 
This domain doesn't exist anymore.
 2021-01-14 08:16:50 +01:00
Jérémy Lecour 7126d70982 Update copyright and add version number 2020-12-01 22:55:59 +01:00
Gregory Colpart 5a907b1ce0 new policy for default ports: we close almost all to be sure that nothing works if we don't configure it 
nouvelle politique d'ouverture des ports par défaut : on ferme quasi tout pour que rien ne marche ou presque si on ne configure rien
 2020-09-22 16:59:39 +02:00
Jérémy Lecour ba193f22fa Change public SSH port from 2222 to 22222 2020-08-28 18:26:59 +02:00
Ludovic Poujol 7c384a777b
Better handling of Docker to match the usual minifirewall behaviour 
Revert some changes from 0ec2cb2f4b
like the SERVICESTCP4 SERVICESUDP4

Instead, we'll re-create the usual behaviour of public, privileged and
trusted ports for docker when the variable DOCKER is set to "on"
 2020-07-27 10:33:40 +02:00
Ludovic Poujol 0ec2cb2f4b
Make it compatible with docker 
Add a new variable "DOCKER" that should be set to "on" when this is a
docker machine.

It will
- Disable the nat tables flush on stop/restart
  Reason : Not breaking outgoing networking for containers

- Create the "DOCKER-USER" chain, and add a DROP
  By default everything is closed and we don't expose services to the
  outside world

- Add rules in the "DOCKER-USER" chain to open services to the outside
  world.

Untested with swarm
 2020-02-25 16:33:24 +01:00
Ludovic Poujol 30041b8949
Fix IPV6 var not being defined on stop 2020-02-21 16:26:41 +01:00
Romain Dessort 9ebb5fe748 Add security-cdn.debian.org to HTTPSITES whitelist 
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.
 2018-01-29 11:22:46 -05:00
Jérémy Lecour afdfc00a67 Add letsencrypt in HTTPSITES 2017-05-16 09:58:16 +02:00
Victor LABORIE dba28b0679 Remove obsolete srv domain 2016-08-09 12:40:14 +02:00
Gregory Colpart 164d727e8e Remove obsolete IP addr 2015-12-07 17:20:51 +01:00
Gregory Colpart 4ea10ccc83 Improve configuration file 2015-09-13 20:13:05 +02:00
Gregory Colpart 9579cfe991 Fix #1565. Use now /etc/default/minifirewall for config file! 2015-09-13 17:15:40 +02:00
Renamed from firewall.rc (Browse further)