Jérémy Lecour
c48534146a
Source files in /etc/default/minifirewall.d
2021-05-22 09:11:49 +02:00
Jérémy Lecour
7126d70982
Update copyright and add version number
2020-12-01 22:55:59 +01:00
Ludovic Poujol
7c384a777b
Better handling of Docker to match the usual minifirewall behaviour
Revert some changes from 0ec2cb2f4b
like the SERVICESTCP4 SERVICESUDP4
Instead, we'll re-create the usual behaviour of public, privileged and
trusted ports for docker when the variable DOCKER is set to "on"
2020-07-27 10:33:40 +02:00
Ludovic Poujol
0ec2cb2f4b
Make it compatible with docker
Add a new variable "DOCKER" that should be set to "on" when this is a
docker machine.
It will:
- Disable the nat tables flush on stop/restart
  Reason: Not breaking outgoing networking for containers
- Create the "DOCKER-USER" chain, and add a DROP
  By default everything is closed and we don't expose services to the
  outside world
- Add rules in the "DOCKER-USER" chain to open services to the outside
  world.
Untested with swarm
2020-02-25 16:33:24 +01:00
Ludovic Poujol
30041b8949
Fix IPV6 var not being defined on stop
2020-02-21 16:26:41 +01:00
Ludovic Poujol
60ca9f67b2
Update project URL in comment
2020-02-17 10:54:01 +01:00
Victor LABORIE
e80979e04d
Minifirewall is now under GPLv3 license
2019-06-04 16:53:34 +02:00
Tristan PILAT
979b7e2d03
Add missing variables in SMTPSECUREOK and SMTPOK loops
2018-08-28 15:39:58 +02:00
Benoît S.
b6a47dea0d
Added quote to $IPV6 variables.
2015-10-21 10:45:39 +02:00
Tristan PILAT
02d6447a10
Fix bug with IPv6.
When IPv6=off don't use ip6tables in stop and reset function.
2015-10-19 10:59:00 +02:00
Gregory Colpart
2943a7d58c
Improve output messages
2015-09-13 20:31:04 +02:00
Gregory Colpart
52f177303c
Fix bug in old config detection
2015-09-13 20:21:55 +02:00
Gregory Colpart
2f561a6172
Improve descriptions / comments (switch all in english, etc.)
2015-09-13 18:37:53 +02:00
Gregory Colpart
9579cfe991
Fix #1565. Now use /etc/default/minifirewall for config file!
2015-09-13 17:15:40 +02:00
Benoît S.
5275f8d7e2
Moves rules from firewall.rc to minifirewall core.
2014-05-22 17:38:00 +02:00
Benoît S.
705c4683a2
Allow all output on lo interface for IPv6.
2014-03-12 16:22:15 +01:00
Gregory Colpart
7d3d928e02
Improve new UDP rules to DROP by default
2012-11-14 00:55:35 +01:00
Benoît S.
b57dddf917
By default allow outgoing packets on loopback. This is needed since the new
policy of dropping all outgoing UDP packets, especially when there is a local
bind.
2012-10-08 16:19:22 +02:00
Benoît S.
44bb5925eb
Improvement added for blocking output UDP.
2012-10-03 14:21:04 +02:00
Gregory Colpart
e7a7f26951
Patch to have compatibility with poor non-IPv6 server
2011-11-11 15:47:37 +01:00
Gregory Colpart
11ca1d1599
Improve rock-solid behaviour of the firewall script!
2011-10-21 03:16:40 +02:00
Gregory Colpart
b72c47223a
IPv6 support
2011-10-21 02:06:50 +02:00
Gregory Colpart
2495c3270f
Remove limit on ICMP pings...
2011-08-29 14:45:14 +02:00
Gregory Colpart
1a17daeba4
Fix a bug with var name, and remove _ (uniformization)
2011-06-03 11:53:51 +02:00
Gregory Colpart
47fd56a25a
Improve copyright and infos
2011-04-02 12:12:49 +02:00
Colin Darie
57135c932d
Make minifirewall executable
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:01:59 +02:00
Colin Darie
821af4d12f
Added a SMTP_SECURE_OK rule (port 465)
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:01:58 +02:00
Colin Darie
fc4f8194ae
Fix warning about a deprecated iptables syntax
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:01:58 +02:00
Colin Darie
dc7c45c43f
LSBization of the init script
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:01:26 +02:00
Colin Darie
089fa24606
fix deprecated syntax in the new iptables
the message returned was the following:
Using intrapositioned negation (`--option ! this`) is deprecated in
favor of extrapositioned (`! --option this`)
Signed-off-by: Gregory Colpart <reg@evolix.fr>
2011-04-02 12:00:28 +02:00
Thomas Martin
ac9400aa8c
check correct sourcing of configuration file, and exit if it fails
2011-04-02 12:00:28 +02:00
Gregory Colpart
f07fe301ba
Bug!!! Conf file is sourced twice...
2010-03-02 20:16:02 +01:00
Gregory Colpart
63108ad27d
Changes with spalma:
- Enable the rules in "-t nat"
- Flush the specific rules on stop before destroying them
2010-02-19 16:56:32 +01:00
Gregory Colpart
3c7c7d8490
We do not DROP FORWARD by default (no benefit in general, and useful for dom0s)
2009-08-29 18:59:58 +02:00
Gregory Colpart
c3a66eb333
Add NEEDRESTRICT chain to deny some services by free rules
Some improvements
2009-08-12 13:21:53 +02:00
Gregory Colpart
b3fb2ce6b9
Import files from http://www.gcolpart.com/hacks/
2009-08-10 19:02:09 +02:00