evolix/minifirewall
21
0
Fork 0
Code Issues 4 Pull requests 3 Releases 1 Activity
37 commits 9 branches 1 tag 249 KiB
Commit graph

37 commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Benoît S. b57dddf917 By default allow outgoing packets on loopback. This is needed since the new 
policy of dropping all outgoing UDP packets, especially when there is a local
bind.
 2012-10-08 16:19:22 +02:00
Benoît S. 44bb5925eb Amelioration added for blocking output UDP. 2012-10-03 14:21:04 +02:00
Benoît S. b5412ce98a Adding rules to block outgoing UDP trafic except for DNS and NTP. 2012-08-22 16:21:28 +02:00
Gregory Colpart e7a7f26951 Patch to have compatibility with poor non-IPv6 server 2011-11-11 15:47:37 +01:00
Gregory Colpart 11ca1d1599 Improve rocks-solid comportment of the firewall script ! 2011-10-21 03:16:40 +02:00
Gregory Colpart b72c47223a IPv6 support 2011-10-21 02:06:50 +02:00
Gregory Colpart 60bf2989c4 Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall 2011-08-29 14:45:47 +02:00
Gregory Colpart 2495c3270f Remove limit on ICMP pings... 2011-08-29 14:45:14 +02:00
Gregory Colpart 94473ada72 Add a new default IP address 2011-08-28 19:32:13 +02:00
Gregory Colpart 14a220a546 We authorize now all NTP traffic by default 2011-07-14 15:23:04 +02:00
Gregory Colpart 1a17daeba4 Fix a bug with var name, and remove _ (uniformization) 2011-06-03 11:53:51 +02:00
Gregory Colpart 053f3d9c4e Modify default NTP address 2011-05-06 14:43:14 +02:00
Gregory Colpart a46b97845c Allow all DNS requests by default 2011-04-19 15:51:15 +02:00
Gregory Colpart afde581d3b Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall 2011-04-02 12:14:16 +02:00
Gregory Colpart 47fd56a25a Improve copyrigth and infos 2011-04-02 12:12:49 +02:00
Gregory Colpart 27fe1213f5 Open HTTPS by default 2011-04-02 12:01:59 +02:00
Colin Darie 57135c932d Make minifirewall executable 
Signed-off-by: Gregory Colpart <reg@evolix.fr>
 2011-04-02 12:01:59 +02:00
Colin Darie 44739ce82a Added an example of cron script to daily reload iptables 
Signed-off-by: Gregory Colpart <reg@evolix.fr>
 2011-04-02 12:01:58 +02:00
Colin Darie 821af4d12f Added a SMTP_SECURE_OK rule (port 465) 
Signed-off-by: Gregory Colpart <reg@evolix.fr>
 2011-04-02 12:01:58 +02:00
Colin Darie fc4f8194ae Fix warning d'une syntaxe iptable dépréciée 
Signed-off-by: Gregory Colpart <reg@evolix.fr>
 2011-04-02 12:01:58 +02:00
Colin Darie dc7c45c43f LSBization de l'init script 
Signed-off-by: Gregory Colpart <reg@evolix.fr>
 2011-04-02 12:01:26 +02:00
Colin Darie 089fa24606 fix syntaxe dépréciée dans le nouveau iptables 
le message renvoyé était le suivant:
Using intrapositioned negation (`--option ! this`) is deprecated in
favor of extrapositioned (`! --option this`)

Signed-off-by: Gregory Colpart <reg@evolix.fr>
 2011-04-02 12:00:28 +02:00
Colin Darie 9feded0d21 La directive INTIP n'est pas (plus?) utilisée 
Signed-off-by: Gregory Colpart <reg@evolix.fr>
 2011-04-02 12:00:28 +02:00
Romain Dessort 4a2e9813b5 Ajout de l'URL mirror.evolix.org dans la liste des sites autorisés. 2011-04-02 12:00:28 +02:00
Thomas Martin ac9400aa8c check correct sourcing of configuration file, and exit if it fails 2011-04-02 12:00:28 +02:00
Gregory Colpart 910c3f7063 Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall 2010-09-13 13:49:31 +02:00
Gregory Colpart 1cdb7af52c Add a new IP in default configuration 2010-09-13 13:48:26 +02:00
Romain Dessort 530ed78833 Ajout de l'URL mirror.evolix.org dans la liste des sites autorisés. 2010-06-23 10:45:35 +02:00
Thomas Martin abc84e2b0b check correct sourcing of configuration file, and exit if it fails 2010-06-09 19:27:19 +02:00
Gregory Colpart 1efde5a186 Add script to download RIPENCC and APNIC blocs 2010-03-02 20:20:12 +01:00
Gregory Colpart f07fe301ba Bug !!! Conf file is source twice... 2010-03-02 20:16:02 +01:00
Gregory Colpart 63108ad27d Modifications avec spalma : 
- Activation des regles en "-t nat"
- Flush des regles specifiques lors du stop avant leurs destructions
 2010-02-19 16:56:32 +01:00
Gregory Colpart 3c7c7d8490 On ne DROP pas le FORWARD par defaut (pas d'interet en general, et utile pour les dom0) 2009-08-29 18:59:58 +02:00
Gregory Colpart 60b0b1c5d0 Improve default rules 2009-08-14 11:42:59 +02:00
Gregory Colpart 7ff2fd64c4 Add script for blacklist countries with RIPE LIR informations 2009-08-13 01:01:59 +02:00
Gregory Colpart c3a66eb333 Add NEEDRESTRICT chain to deny some services by free rules 
Somes improvements
 2009-08-12 13:21:53 +02:00
Gregory Colpart b3fb2ce6b9 Import files from http://www.gcolpart.com/hacks/ 2009-08-10 19:02:09 +02:00