Jérémy Lecour
e02be5b852
Surround variable names with curly braces
2021-05-22 09:34:35 +02:00
Jérémy Lecour
9a9fc7fd44
squid command seems obsolete
2021-05-22 09:23:31 +02:00
Jérémy Lecour
72e3729a78
Extract main functions
2021-05-22 09:23:14 +02:00
Jérémy Lecour
c48534146a
Source files in /etc/default/minifirewall.d
2021-05-22 09:11:49 +02:00
Jérémy Dubois
9898ff9e62
Put our IPs back in the TRUSTEDIPS variable
...
The TRUSTEDIPS variable is the public reference for Evolix IPs
2021-02-05 15:28:07 +01:00
Jérémy Lecour
80307172af
Remove volatile.debian.org from HTTPSITES
...
This domain doesn't exist anymore.
2021-01-14 08:16:50 +01:00
Jérémy Lecour
7126d70982
Update copyright and add version number
2020-12-01 22:55:59 +01:00
Gregory Colpart
5a907b1ce0
new policy for default ports: we close almost all to be sure that nothing works if we don't configure it
...
new default port opening policy: we close almost everything so that nothing, or almost nothing, works if nothing is configured
2020-09-22 16:59:39 +02:00
Jérémy Lecour
ba193f22fa
Change public SSH port from 2222 to 22222
2020-08-28 18:26:59 +02:00
Ludovic Poujol
3bcaee5b58
Merge pull request 'Docker handling' (#5) from docker into master
...
Reviewed-on: #5
2020-07-27 10:43:26 +02:00
Ludovic Poujol
7c384a777b
Better handling of Docker to match the usual minifirewall behaviour
...
Revert some changes from 0ec2cb2f4b
like the SERVICESTCP4 SERVICESUDP4
Instead, we'll re-create the usual behaviour of public, privileged and
trusted ports for docker when the variable DOCKER is set to "on"
2020-07-27 10:33:40 +02:00
Ludovic Poujol
0ec2cb2f4b
Make it compatible with docker
...
Add a new variable "DOCKER" that should be set to "on" when this is a
docker machine.
It will
- Disable the nat tables flush on stop/restart
  Reason: Not breaking outgoing networking for containers
- Create the "DOCKER-USER" chain, and add a DROP
  By default everything is closed and we don't expose services to the
  outside world
- Add rules in the "DOCKER-USER" chain to open services to the outside
  world.
Untested with swarm
2020-02-25 16:33:24 +01:00
Ludovic Poujol
30041b8949
Fix IPV6 var not being defined on stop
2020-02-21 16:26:41 +01:00
Ludovic Poujol
60ca9f67b2
Update project URL in comment
2020-02-17 10:54:01 +01:00
Victor LABORIE
42e18e57fd
Add a Vagrantfile for testing
2019-06-04 17:43:26 +02:00
Victor LABORIE
326547fba3
Fix typo in install doc
2019-06-04 17:40:26 +02:00
Victor LABORIE
e80979e04d
Minifirewall is now under GPLv3 license
2019-06-04 16:53:34 +02:00
Victor LABORIE
6846263daa
Update README.md
2019-06-04 16:48:27 +02:00
Tristan PILAT
979b7e2d03
Add missing variables in SMTPSECUREOK and SMTPOK loops
2018-08-28 15:39:58 +02:00
Romain Dessort
9ebb5fe748
Add security-cdn.debian.org to HTTPSITES whitelist
...
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.
2018-01-29 11:22:46 -05:00
Jérémy Lecour
0450c12f5d
Merge branch 'ocsp-letsencrypt'
2017-05-16 09:59:47 +02:00
Jérémy Lecour
afdfc00a67
Add letsencrypt in HTTPSITES
2017-05-16 09:58:16 +02:00
Victor LABORIE
dba28b0679
Remove obsolete srv domain
2016-08-09 12:40:14 +02:00
Gregory Colpart
164d727e8e
Remove obsolete IP addr
2015-12-07 17:20:51 +01:00
Benoît S.
b6a47dea0d
Added quote to $IPV6 variables.
2015-10-21 10:45:39 +02:00
Tristan PILAT
02d6447a10
Fix bug with IPv6.
...
When IPv6=off don't use ip6tables in stop and reset function.
2015-10-19 10:59:00 +02:00
Gregory Colpart
4864872586
Rename README -> README.md for Redmine / Github
2015-09-13 20:40:56 +02:00
Gregory Colpart
2943a7d58c
Improve output messages
2015-09-13 20:31:04 +02:00
Gregory Colpart
52f177303c
Fix bug in old config detection
2015-09-13 20:21:55 +02:00
Gregory Colpart
4ea10ccc83
Improve configuration file
2015-09-13 20:13:05 +02:00
Gregory Colpart
2f561a6172
Improve descriptions / comments (switch all in english, etc.)
2015-09-13 18:37:53 +02:00
Gregory Colpart
9579cfe991
Fix #1565. Use now /etc/default/minifirewall for config file!
2015-09-13 17:15:40 +02:00
Gregory Colpart
6bc560b66a
Add default rule for IPv6 DNS responses
2015-03-13 01:55:13 +01:00
Benoît S.
283ff1161f
Added SpamAssassin update repo URLs.
2015-01-20 17:17:10 +01:00
Gregory Colpart
2d2fded0ac
use same syntax for all ip6tables rules
2015-01-12 20:54:17 +01:00
Gregory Colpart
ebbee1ac84
Modify URL to track country ip blocks
2015-01-12 20:45:27 +01:00
Benoît S.
ec0b8ffef5
Added to HTTPSITES zidane and antismap00.
2015-01-02 14:07:17 +01:00
Arnaud Tomeï
5525ff343f
Adding new IP address for Evolix
2014-12-24 16:23:05 +01:00
Gregory Colpart
d452c16bc6
Duplicate rule
2014-09-11 23:33:33 +02:00
Benoît S.
f3674af0db
Allow Input DNS on IPv6.
...
Used when a slave responds to a master notification in bind for example.
2014-07-25 14:21:42 +02:00
Benoît S.
5275f8d7e2
Moves rules from firewall.rc to minifirewall core.
2014-05-22 17:38:00 +02:00
Romain Dessort
57ae4df6e7
Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall
2014-05-09 11:09:52 +02:00
Romain Dessort
0eda844bba
Add delegated CIDR for AFRINIC and LACNIC.
2014-05-09 11:08:32 +02:00
Benoît S.
705c4683a2
Allow all output on lo interface for IPv6.
2014-03-12 16:22:15 +01:00
Benoît S.
ce1d628516
Adding rules for DHCPv6.
2013-12-13 11:22:27 +01:00
Benoît S.
8ed3c722ce
Adding hwraid.le-vert.net in HTTPSITES
2013-10-31 14:11:07 +01:00
Benoît S.
6c162c516b
Fixing typo in HTTPSITES.
2013-06-07 14:43:54 +02:00
Gregory Colpart
6df7c86ccf
Add http://backports.debian.org by default
2013-05-06 16:07:53 +02:00
Gregory Colpart
7d3d928e02
Improve new UDP rules to DROP by default
2012-11-14 00:55:35 +01:00
Benoît S.
ec14ee9f3e
Last committer removed the IPv4 UDP rules?! Re-adding.
2012-11-09 10:05:34 +01:00