Commit graph

22 commits

Author SHA1 Message Date
Tristan PILAT a432511b04 Add per host output authorization capability 2020-11-18 18:10:27 +01:00
Tristan PILAT c59e63d44d fixup! Update/Add section titles 2020-11-18 18:01:35 +01:00
Tristan PILAT 86ffdfc916 Accept any ICMPv6 input traffic 2020-11-18 18:01:09 +01:00
Tristan PILAT 36634a705f We have to accept output ICMP and IGMP since we drop output traffic by default 2020-11-18 18:00:28 +01:00
Tristan PILAT ba865faf0a Add IPv6 compatibility 2020-11-18 17:56:11 +01:00
Tristan PILAT ab2a7e9eb0 Let's use the new ip_type function 2020-11-18 17:54:11 +01:00
Tristan PILAT 519a0f9c60 Add a function to tell whether an IP is a v4 or v6 one 2020-11-18 17:54:11 +01:00
Tristan PILAT 520b8893f0 Delete drop rules for output since it is the default policy now 2020-11-18 17:54:11 +01:00
Tristan PILAT 550af6e21f Change output default policy to drop 2020-11-18 17:54:10 +01:00
Tristan PILAT 7a1adbdf39 Update/Add section titles 2020-11-18 17:54:10 +01:00
Tristan PILAT 1b19f7084b We need flags interval to be able to use CIDR notation in minifirewall_privileged_ips and minifirewall_trusted_ips sets 2020-10-14 17:21:00 +02:00
Tristan PILAT 948a3aeeb2 We want to drop traffic coming to protected TCP/UDP ports 2020-10-14 17:18:03 +02:00
Tristan PILAT 1c1d5480bc Add rules to redirect traffic from blocked IPs to protected_tcp_ports and protected_udp_ports chains 2020-10-14 17:16:17 +02:00
Tristan PILAT 6a46ca716b Add a set for the blocked IP addresses 2020-10-14 17:14:23 +02:00
Tristan PILAT 5af8fad976 It's easier to just accept all icmp 2020-10-14 16:49:23 +02:00
Tristan PILAT 79f6d47a6c Remove commented and useless rules 2020-10-14 16:48:39 +02:00
Tristan PILAT 4781ef509c Don't prevent ICMP replies from going out and only drop TCP and UDP 2020-09-07 11:18:52 +02:00
Tristan PILAT 5f4787d3fd Until we get a nftables version of the Docker rules present for iptables, remove iptables commented out part for Docker. 2020-09-07 11:17:34 +02:00
Tristan PILAT c7d0d6820b Simplification of the input ICMP and IGMP rules 2020-09-07 11:14:41 +02:00
Tristan PILAT 9169a9f0b0 Include rules in the if statements + add comments for every output rule 2020-08-31 17:08:30 +02:00
Tristan PILAT 286fe62de5 Add initial work for output filtering 2020-08-31 09:47:35 +02:00
Tristan PILAT 129b323f80 First nftables version of minifirewall 2020-08-24 16:59:15 +02:00