Tristan PILAT | a432511b04 | Add per host output authorization capability | 2020-11-18 18:10:27 +01:00
Tristan PILAT | c59e63d44d | fixup! Update/Add section titles | 2020-11-18 18:01:35 +01:00
Tristan PILAT | 86ffdfc916 | Accept any ICMPv6 input traffic | 2020-11-18 18:01:09 +01:00
Tristan PILAT | 36634a705f | We have to accept output ICMP and IGMP since we drop output traffic by default | 2020-11-18 18:00:28 +01:00
Tristan PILAT | ba865faf0a | Add IPv6 compatibility | 2020-11-18 17:56:11 +01:00
Tristan PILAT | ab2a7e9eb0 | Let's use the new ip_type function | 2020-11-18 17:54:11 +01:00
Tristan PILAT | 519a0f9c60 | Add a function to tell whether an IP is a v4 or v6 one | 2020-11-18 17:54:11 +01:00
Tristan PILAT | 520b8893f0 | Delete drop rules for output since it is the default policy now | 2020-11-18 17:54:11 +01:00
Tristan PILAT | 550af6e21f | Change output default policy to drop | 2020-11-18 17:54:10 +01:00
Tristan PILAT | 7a1adbdf39 | Update/Add section titles | 2020-11-18 17:54:10 +01:00
Tristan PILAT | 1b19f7084b | We need flags interval to be able to use CIDR notation in minifirewall_privileged_ips and minifirewall_trusted_ips sets | 2020-10-14 17:21:00 +02:00
Tristan PILAT | 948a3aeeb2 | We want to drop traffic coming to protected TCP/UDP ports | 2020-10-14 17:18:03 +02:00
Tristan PILAT | 1c1d5480bc | Add rules to redirect traffic from blocked IPs to protected_tcp_ports and protected_udp_ports chains | 2020-10-14 17:16:17 +02:00
Tristan PILAT | 6a46ca716b | Add a set for the blocked IP addresses | 2020-10-14 17:14:23 +02:00
Tristan PILAT | 5af8fad976 | It's easier to just accept all icmp | 2020-10-14 16:49:23 +02:00
Tristan PILAT | 79f6d47a6c | Remove commented and useless rules | 2020-10-14 16:48:39 +02:00
Tristan PILAT | 4781ef509c | Don't prevent ICMP replies from going out and only drop TCP and UDP | 2020-09-07 11:18:52 +02:00
Tristan PILAT | 5f4787d3fd | Until we get a nftables version of the Docker rules present for iptables, remove iptables commented out part for Docker. | 2020-09-07 11:17:34 +02:00
Tristan PILAT | c7d0d6820b | Simplification of the input ICMP and IGMP rules | 2020-09-07 11:14:41 +02:00
Tristan PILAT | 9169a9f0b0 | Include rules in the if statements + add comments for every output rule | 2020-08-31 17:08:30 +02:00
Tristan PILAT | 286fe62de5 | Add initial work for output filtering | 2020-08-31 09:47:35 +02:00
Tristan PILAT | 129b323f80 | First nftables version of minifirewall | 2020-08-24 16:59:15 +02:00