Benoît S.
ec14ee9f3e
Last committer removed the IPv4 UDP rules?! Re-adding.
2012-11-09 10:05:34 +01:00
Gregory Colpart
f84add886a
Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall
...
Conflicts:
firewall.rc
2012-10-29 12:28:55 +01:00
Gregory Colpart
f714700623
Allow SMTP IPv6
2012-10-29 12:25:41 +01:00
Romain Dessort
7795b715e6
Add rules to open traceroute UDP port.
2012-10-24 10:32:05 +02:00
Benoît S.
b57dddf917
By default allow outgoing packets on loopback. This is needed since the new
...
policy of dropping all outgoing UDP packets, especially when there is a local
bind.
2012-10-08 16:19:22 +02:00
Benoît S.
44bb5925eb
Amelioration added for blocking output UDP.
2012-10-03 14:21:04 +02:00
Benoît S.
b5412ce98a
Adding rules to block outgoing UDP trafic except for DNS and NTP.
2012-08-22 16:21:28 +02:00
Gregory Colpart
e7a7f26951
Patch to have compatibility with poor non-IPv6 server
2011-11-11 15:47:37 +01:00
Gregory Colpart
11ca1d1599
Improve rocks-solid comportment of the firewall script !
2011-10-21 03:16:40 +02:00
Gregory Colpart
b72c47223a
IPv6 support
2011-10-21 02:06:50 +02:00
Gregory Colpart
60bf2989c4
Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall
2011-08-29 14:45:47 +02:00
Gregory Colpart
2495c3270f
Remove limit on ICMP pings...
2011-08-29 14:45:14 +02:00
Gregory Colpart
94473ada72
Add a new default IP address
2011-08-28 19:32:13 +02:00
Gregory Colpart
14a220a546
We authorize now all NTP traffic by default
2011-07-14 15:23:04 +02:00
Gregory Colpart
1a17daeba4
Fix a bug with var name, and remove _ (uniformization)
2011-06-03 11:53:51 +02:00
Gregory Colpart
053f3d9c4e
Modify default NTP address
2011-05-06 14:43:14 +02:00
Gregory Colpart
a46b97845c
Allow all DNS requests by default
2011-04-19 15:51:15 +02:00
Gregory Colpart
afde581d3b
Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall
2011-04-02 12:14:16 +02:00
Gregory Colpart
47fd56a25a
Improve copyrigth and infos
2011-04-02 12:12:49 +02:00
Gregory Colpart
27fe1213f5
Open HTTPS by default
2011-04-02 12:01:59 +02:00
Colin Darie
57135c932d
Make minifirewall executable
...
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:01:59 +02:00
Colin Darie
44739ce82a
Added an example of cron script to daily reload iptables
...
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:01:58 +02:00
Colin Darie
821af4d12f
Added a SMTP_SECURE_OK rule (port 465)
...
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:01:58 +02:00
Colin Darie
fc4f8194ae
Fix warning d'une syntaxe iptable dépréciée
...
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:01:58 +02:00
Colin Darie
dc7c45c43f
LSBization de l'init script
...
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:01:26 +02:00
Colin Darie
089fa24606
fix syntaxe dépréciée dans le nouveau iptables
...
le message renvoyé était le suivant:
Using intrapositioned negation (`--option ! this`) is deprecated in
favor of extrapositioned (`! --option this`)
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:00:28 +02:00
Colin Darie
9feded0d21
La directive INTIP n'est pas (plus?) utilisée
...
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:00:28 +02:00
Romain Dessort
4a2e9813b5
Ajout de l'URL mirror.evolix.org dans la liste des sites autorisés.
2011-04-02 12:00:28 +02:00
Thomas Martin
ac9400aa8c
check correct sourcing of configuration file, and exit if it fails
2011-04-02 12:00:28 +02:00
Gregory Colpart
910c3f7063
Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall
2010-09-13 13:49:31 +02:00
Gregory Colpart
1cdb7af52c
Add a new IP in default configuration
2010-09-13 13:48:26 +02:00
Romain Dessort
530ed78833
Ajout de l'URL mirror.evolix.org dans la liste des sites autorisés.
2010-06-23 10:45:35 +02:00
Thomas Martin
abc84e2b0b
check correct sourcing of configuration file, and exit if it fails
2010-06-09 19:27:19 +02:00
Gregory Colpart
1efde5a186
Add script to download RIPENCC and APNIC blocs
2010-03-02 20:20:12 +01:00
Gregory Colpart
f07fe301ba
Bug !!! Conf file is source twice...
2010-03-02 20:16:02 +01:00
Gregory Colpart
63108ad27d
Modifications avec spalma :
...
- Activation des regles en "-t nat"
- Flush des regles specifiques lors du stop avant leurs destructions
2010-02-19 16:56:32 +01:00
Gregory Colpart
3c7c7d8490
On ne DROP pas le FORWARD par defaut (pas d'interet en general, et utile pour les dom0)
2009-08-29 18:59:58 +02:00
Gregory Colpart
60b0b1c5d0
Improve default rules
2009-08-14 11:42:59 +02:00
Gregory Colpart
7ff2fd64c4
Add script for blacklist countries with RIPE LIR informations
2009-08-13 01:01:59 +02:00
Gregory Colpart
c3a66eb333
Add NEEDRESTRICT chain to deny some services by free rules
...
Somes improvements
2009-08-12 13:21:53 +02:00
Gregory Colpart
b3fb2ce6b9
Import files from http://www.gcolpart.com/hacks/
2009-08-10 19:02:09 +02:00