Jérémy Lecour
25893ee66b
Release 22.03.1
2022-03-15 18:57:30 +01:00
Jérémy Lecour
e269e86341
remove comments
2022-03-15 18:55:13 +01:00
Jérémy Lecour
6e6a2d9a82
Release 22.03
2022-03-15 16:37:20 +01:00
Jérémy Lecour
aada44e1f2
Merge branch 'master' into includes
2022-03-15 16:32:08 +01:00
Jérémy Lecour
0041789d5e
improve docs and merge 45f04e
2022-03-15 16:27:26 +01:00
Jérémy Lecour
c36be1c9c9
Add variables and documentation for sysctl variables ( fixes #7 )
2022-03-15 16:27:26 +01:00
Jérémy Dubois
ba12a45d8a
Revert "Apply policy of IPv4 to IPv6"
...
This reverts commit f52971a173
which was a mistake : theses rules match a return packet
incoming on the server, not a new one.
2022-01-27 10:15:45 +01:00
Jérémy Dubois
f52971a173
Apply policy of IPv4 to IPv6
...
We close almost all to be sure that nothing works if we don't configure it
2022-01-24 11:09:36 +01:00
Ludovic Poujol
45f04e322a
Add warning on port opening for docker
2022-01-12 12:04:56 +01:00
Jérémy Lecour
e7aaefef9a
Release 21.12
2021-12-06 17:32:21 +01:00
Jérémy Lecour
3b4ffec174
Document helper functions that are accessible inincluded files
2021-09-14 12:47:32 +02:00
Jérémy Lecour
cfa1c20332
Add IPv6 support on many macros
2021-09-14 11:05:59 +02:00
Ludovic Poujol
79c1790564
WIP - IPv6 Handleing for output authorisation
2021-09-14 09:12:08 +02:00
Jérémy Lecour
ad024bac8f
valeur de IPV6 avec simples quotes
2021-06-04 14:08:04 +02:00
Jérémy Lecour
aa67894438
Ouverture totale de HTTPSITES par défaut
2021-06-04 14:07:21 +02:00
Jérémy Lecour
9ae2a03955
proxy: simplification de la boucle
2021-06-04 14:06:37 +02:00
Jérémy Lecour
f87bbe5442
add macro for proxy
2021-05-26 13:20:12 +02:00
Jérémy Lecour
0f93e8e75e
fixup! store includes in /etc/minifirewall.d
2021-05-26 13:13:26 +02:00
Jérémy Lecour
275a4c5bab
Add macro for backup servers
2021-05-26 13:12:56 +02:00
Jérémy Lecour
800448ff97
update verison
2021-05-22 23:22:31 +02:00
Jérémy Lecour
c48534146a
Source files in /etc/default/minifirewall.d
2021-05-22 09:11:49 +02:00
Jérémy Dubois
9898ff9e62
Put our IPs back in the TRUSTEDIPS variable
...
The TRUSTEDIPS variable is the public reference for Evolix IPs
2021-02-05 15:28:07 +01:00
Jérémy Lecour
80307172af
Remove volatile.debian.org from HTTPSITES
...
This domain doesn't exist anymore.
2021-01-14 08:16:50 +01:00
Jérémy Lecour
7126d70982
Update copyright and add version number
2020-12-01 22:55:59 +01:00
Gregory Colpart
5a907b1ce0
new policy for default ports: we close almost all to be sure that nothing works if we don't configure it
...
nouvelle politique d'ouverture des ports par défaut : on ferme quasi tout pour que rien ne marche ou presque si on ne configure rien
2020-09-22 16:59:39 +02:00
Jérémy Lecour
ba193f22fa
Change public SSH port from 2222 to 22222
2020-08-28 18:26:59 +02:00
Ludovic Poujol
7c384a777b
Better handling of Docker to match the usual minifirewall behaviour
...
Revert some changes from 0ec2cb2f4b
like the SERVICESTCP4 SERVICESUDP4
Instead, we'll re-create the usual behaviour of public, privileged and
trusted ports for docker when the variable DOCKER is set to "on"
2020-07-27 10:33:40 +02:00
Ludovic Poujol
0ec2cb2f4b
Make it compatible with docker
...
Add a new variable "DOCKER" that should be set to "on" when this is a
docker machine.
It will
- Disable the nat tables flush on stop/restart
Reason : Not breaking outgoing networking for containers
- Create the "DOCKER-USER" chain, and add a DROP
By default everything is closed and we don't expose services to the
outside world
- Add rules in the "DOCKER-USER" chain to open services to the outside
world.
Untested with swarm
2020-02-25 16:33:24 +01:00
Ludovic Poujol
30041b8949
Fix IPV6 var not being defined on stop
2020-02-21 16:26:41 +01:00
Romain Dessort
9ebb5fe748
Add security-cdn.debian.org to HTTPSITES whitelist
...
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.
2018-01-29 11:22:46 -05:00
Jérémy Lecour
afdfc00a67
Add letsencrypt in HTTPSITES
2017-05-16 09:58:16 +02:00
Victor LABORIE
dba28b0679
Remove obsolete srv domain
2016-08-09 12:40:14 +02:00
Gregory Colpart
164d727e8e
Remove obsolete IP addr
2015-12-07 17:20:51 +01:00
Gregory Colpart
4ea10ccc83
Improve configuration file
2015-09-13 20:13:05 +02:00
Gregory Colpart
9579cfe991
Fix #1565 . Use now /etc/default/minifirewall for config file!
2015-09-13 17:15:40 +02:00