Commit Graph

13 Commits

Author SHA1 Message Date
Jérémy Lecour 80307172af Remove volatile.debian.org from HTTPSITES
This domain doesn't exist anymore.
2021-01-14 08:16:50 +01:00
Jérémy Lecour 7126d70982 Update copyright and add version number 2020-12-01 22:55:59 +01:00
Gregory Colpart 5a907b1ce0 new policy for default ports: we close almost all to be sure that nothing works if we don't configure it
nouvelle politique d'ouverture des ports par défaut : on ferme quasi tout pour que rien ne marche ou presque si on ne configure rien
2020-09-22 16:59:39 +02:00
Jérémy Lecour ba193f22fa Change public SSH port from 2222 to 22222 2020-08-28 18:26:59 +02:00
Ludovic Poujol 7c384a777b
Better handling of Docker to match the usual minifirewall behaviour
Revert some changes from 0ec2cb2f4b
like the SERVICESTCP4 SERVICESUDP4

Instead, we'll re-create the usual behaviour of public, privileged and
trusted ports for docker when the variable DOCKER is set to "on"
2020-07-27 10:33:40 +02:00
Ludovic Poujol 0ec2cb2f4b
Make it compatible with docker
Add a new variable "DOCKER" that should be set to "on" when this is a
docker machine.

It will
- Disable the nat tables flush on stop/restart
  Reason : Not breaking outgoing networking for containers

- Create the "DOCKER-USER" chain, and add a DROP
  By default everything is closed and we don't expose services to the
  outside world

- Add rules in the "DOCKER-USER" chain to open services to the outside
  world.

Untested with swarm
2020-02-25 16:33:24 +01:00
Ludovic Poujol 30041b8949
Fix IPV6 var not being defined on stop 2020-02-21 16:26:41 +01:00
Romain Dessort 9ebb5fe748 Add security-cdn.debian.org to HTTPSITES whitelist
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.
2018-01-29 11:22:46 -05:00
Jérémy Lecour afdfc00a67 Add letsencrypt in HTTPSITES 2017-05-16 09:58:16 +02:00
Victor LABORIE dba28b0679 Remove obsolete srv domain 2016-08-09 12:40:14 +02:00
Gregory Colpart 164d727e8e Remove obsolete IP addr 2015-12-07 17:20:51 +01:00
Gregory Colpart 4ea10ccc83 Improve configuration file 2015-09-13 20:13:05 +02:00
Gregory Colpart 9579cfe991 Fix #1565. Use now /etc/default/minifirewall for config file! 2015-09-13 17:15:40 +02:00
Renamed from firewall.rc (Browse further)