Commit Graph

  • 9898ff9 (HEAD -> master) Put our IPs back in the TRUSTEDIPS variable by Jeremy Dubois 2021-02-05 15:25:28 +0100
  • 8030717 Remove volatile.debian.org from HTTPSITES by Jeremy Lecour 2021-01-14 08:16:50 +0100
  • 7126d70 Update copyright and add version number by Jeremy Lecour 2020-12-01 22:55:59 +0100
  • a432511 (nftables) Add per host output authorisation capability by Tristan PILAT 2020-11-18 18:10:27 +0100
  • c59e63d fixup! Update/Add section titles by Tristan PILAT 2020-11-18 18:01:35 +0100
  • 86ffdfc Accept any ICMPv6 input traffic by Tristan PILAT 2020-11-18 18:01:09 +0100
  • 36634a7 We have to accept output ICMP and IGMP since we drop output traffic by default by Tristan PILAT 2020-11-18 18:00:01 +0100
  • ba865fa Add IPv6 compatibility by Tristan PILAT 2020-11-18 17:56:11 +0100
  • ab2a7e9 Let's use the new ip_type function by Tristan PILAT 2020-11-18 17:52:35 +0100
  • 519a0f9 Add a function to tell whether an IP is a v4 or v6 one by Tristan PILAT 2020-11-18 17:49:35 +0100
  • 520b889 Delete drop rules for output since it is the default policy now by Tristan PILAT 2020-11-18 17:47:54 +0100
  • 550af6e Change output default policy to drop by Tristan PILAT 2020-11-18 17:46:41 +0100
  • 7a1adbd Update/Add section titles by Tristan PILAT 2020-11-18 17:45:52 +0100
  • 6bc1b75 Update blacklist-countries.sh script to be used with nftables by Tristan PILAT 2020-10-14 17:21:54 +0200
  • 1b19f70 We need flags interval to be able to use CIDR notation in minifirewall_privileged_ips and minifirewall_trusted_ips sets by Tristan PILAT 2020-10-14 17:21:00 +0200
  • 948a3ae We want to drop traffic coming to protected TCP/UDP ports by Tristan PILAT 2020-10-14 17:18:03 +0200
  • 1c1d548 Add rules to redirect traffic from blocked IPs to protected_tcp_ports and protected_udp_ports chains by Tristan PILAT 2020-10-14 17:16:17 +0200
  • 6a46ca7 Add a set for the blocked IP addresses by Tristan PILAT 2020-10-14 17:14:23 +0200
  • 5af8fad It's easier to just accept all icmp by Tristan PILAT 2020-10-14 16:49:23 +0200
  • 79f6d47 Remove commented and useless rules by Tristan PILAT 2020-10-14 16:48:39 +0200
  • 5a907b1 new policy for default ports: we close almost all to be sure that nothing works if we don't configure it / new default port-opening policy: we close almost everything so that nothing, or almost nothing, works if nothing is configured by Gregory Colpart 2020-09-22 16:59:39 +0200
  • 4781ef5 Don't prevent ICMP replies to go out and only drop TCP and UDP by Tristan PILAT 2020-09-07 11:18:52 +0200
  • 5f4787d Until we get a nftables version of the Docker rules present for iptables, remove iptables commented out part for Docker. by Tristan PILAT 2020-09-07 11:17:34 +0200
  • c7d0d68 Simplification of the input ICMP and IGMP rules by Tristan PILAT 2020-09-07 11:14:07 +0200
  • 9169a9f Include rules in the if statements + add comments for every output rules by Tristan PILAT 2020-08-31 17:08:30 +0200
  • 585c16c minifirewall script has been renamed to minifirewall-{start,stop}.sh by Tristan PILAT 2020-08-31 09:48:48 +0200
  • 286fe62 Add initial work for output filtering by Tristan PILAT 2020-08-31 09:47:35 +0200
  • ba193f2 Change public SSH port from 2222 to 22222 by Jeremy Lecour 2020-08-28 18:26:59 +0200
  • 129b323 First nftables version of minifirewall by Tristan PILAT 2020-08-24 16:59:15 +0200
  • 3bcaee5 Merge pull request 'Docker handling' (#5) from docker into master by Ludovic Poujol 2020-07-27 10:43:26 +0200
  • 7c384a7 (refs/pull/5/head, docker) Better handling of Docker to match the usual minifirewall behaviour by Ludovic Poujol 2020-07-02 17:48:22 +0200
  • c7c5e98 (refs/pull/6/head, ipset-denylist) WIP: Added a way to block ASNs and IPs with ipset by Benoit S 2020-07-22 10:31:47 +0900
  • 0ec2cb2 Make it compatible with docker by Ludovic Poujol 2020-02-21 16:33:15 +0100
  • 30041b8 Fix IPV6 var not being defined on stop by Ludovic Poujol 2020-02-21 16:26:41 +0100
  • 60ca9f6 Update project URL in comment by Ludovic Poujol 2020-02-17 10:54:01 +0100
  • 4cce499 (dev) Full IPv6 support by Victor LABORIE 2017-03-17 15:44:22 +0100
  • 42e18e5 Add a Vagrantfile for testing by Victor LABORIE 2019-06-04 17:43:26 +0200
  • 326547f Fix typo in install doc by Victor LABORIE 2019-06-04 17:40:26 +0200
  • e80979e Minifirewall is now under GPLv3 license by Victor LABORIE 2019-06-04 16:53:34 +0200
  • 6846263 Update README.md by Victor LABORIE 2019-06-04 16:48:27 +0200
  • 979b7e2 Add missing variables in SMTPSECUREOK and SMTPOK loops by Tristan PILAT 2018-08-28 15:39:58 +0200
  • 9ebb5fe Add security-cdn.debian.org to HTTPSITES whitelist by Romain Dessort 2018-01-29 11:22:46 -0500
  • b3b58a9 (debian-sid) Use a better method to install files by Benoît SÉRIE 2017-08-05 23:02:14 +0200
  • fd49d00 Do not use dh_install. by Benoît SÉRIE 2017-08-05 22:35:03 +0200
  • b57bf34 dpkg-source --commit add PACKAGING.md by Benoît SÉRIE 2017-08-05 22:03:09 +0200
  • 30a3d60 Packaging branch by Benoît SÉRIE 2017-08-05 21:59:04 +0200
  • f21d58f (systemd) Add a systemd unit by Victor LABORIE 2017-08-03 20:22:04 +0200
  • 0450c12 Merge branch 'ocsp-letsencrypt' by Jeremy Lecour 2017-05-16 09:59:47 +0200
  • afdfc00 Add letsencrypt in HTTPSITES by Jeremy Lecour 2017-05-16 09:58:16 +0200
  • dba28b0 Remove obsolete srv domain by Victor LABORIE 2016-08-09 12:40:14 +0200
  • 164d727 Remove obsolete IP addr by Gregory Colpart 2015-12-07 17:19:35 +0100
  • b6a47de Added quote to $IPV6 variables. by Benoît SÉRIE 2015-10-21 10:45:39 +0200
  • 02d6447 Fix bug with IPv6. by Tristan PILAT 2015-10-19 10:59:00 +0200
  • 4864872 Rename README -> README.md for Redmine / Github by Gregory Colpart 2015-09-13 20:40:56 +0200
  • 2943a7d Improve output messages by Gregory Colpart 2015-09-13 20:31:04 +0200
  • 52f1773 Fix bug in old config detection by Gregory Colpart 2015-09-13 20:21:55 +0200
  • 4ea10cc Improve configuration file by Gregory Colpart 2015-09-13 20:13:05 +0200
  • 2f561a6 Improve descriptions / comments (switch all in english, etc.) by Gregory Colpart 2015-09-13 18:37:53 +0200
  • 9579cfe Fix #1565. Use now /etc/default/minifirewall for config file! by Gregory Colpart 2015-09-13 17:14:32 +0200
  • 6bc560b Add default rule for IPv6 DNS responses by Gregory Colpart 2015-03-13 01:55:13 +0100
  • 283ff11 Added SpamAssassin update repo URLs. by Benoît SÉRIE 2015-01-20 17:16:42 +0100
  • 2d2fded use same syntax for all ip6tables rules by Gregory Colpart 2015-01-12 20:54:17 +0100
  • ebbee1a Modify URL to track country ip blocks by Gregory Colpart 2015-01-12 20:45:27 +0100
  • ec0b8ff Added to HTTPSITES zidane and antismap00. by Benoît SÉRIE 2015-01-02 14:07:17 +0100
  • 5525ff3 Adding new IP address for Evolix by Arnaud Tomeï 2014-12-24 16:23:05 +0100
  • d452c16 Duplicate rule by Gregory Colpart 2014-09-11 23:33:33 +0200
  • f3674af Allow Input DNS on IPv6. by Benoît SÉRIE 2014-07-25 14:21:42 +0200
  • 5275f8d Moves rules from firewall.rc to minifirewall core. by Benoît SÉRIE 2014-05-22 17:38:00 +0200
  • 57ae4df Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall by Romain Dessort 2014-05-09 11:09:52 +0200
  • 0eda844 Add delegated CIDR for AFRINIC and LACNIC. by Romain Dessort 2014-05-09 11:08:32 +0200
  • 705c468 Allow all output on lo interface for IPv6. by Benoît SÉRIE 2014-03-12 16:22:15 +0100
  • ce1d628 Adding rules for DHCPv6. by Benoît SÉRIE 2013-12-13 11:22:27 +0100
  • 8ed3c72 Adding hwraid.le-vert.net in HTTPSITES by Benoît SÉRIE 2013-10-31 14:11:07 +0100
  • 6c162c5 Fixing typo in HTTPSITES. by Benoît SÉRIE 2013-06-07 14:43:54 +0200
  • 6df7c86 Add http://backports.debian.org by default by Gregory Colpart 2013-05-06 16:07:53 +0200
  • 7d3d928 Improve new UDP rules to DROP by default by Gregory Colpart 2012-11-14 00:55:35 +0100
  • ec14ee9 Last committer removed the IPv4 UDP rules?! Re-adding. by Benoît SÉRIE 2012-11-09 10:05:34 +0100
  • f84add8 Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall by Gregory Colpart 2012-10-29 12:28:55 +0100
  • f714700 Allow SMTP IPv6 by Gregory Colpart 2012-10-29 12:25:41 +0100
  • 7795b71 Add rules to open traceroute UDP port. by Romain Dessort 2012-10-24 10:32:05 +0200
  • b57dddf By default allow outgoing packets on loopback. This is needed since the new policy of dropping all outgoing UDP packets, especially when there is a local bind. by Benoît SÉRIE 2012-10-08 16:19:22 +0200
  • 44bb592 Amelioration added for blocking output UDP. by Benoît SÉRIE 2012-10-03 14:21:04 +0200
  • b5412ce Adding rules to block outgoing UDP traffic except for DNS and NTP. by Benoît SÉRIE 2012-08-22 16:21:28 +0200
  • e7a7f26 Patch to have compatibility with poor non-IPv6 server by Gregory Colpart 2011-11-11 15:47:37 +0100
  • 11ca1d1 Improve rock-solid comportment of the firewall script! by Gregory Colpart 2011-10-21 02:10:24 +0200
  • b72c472 IPv6 support by Gregory Colpart 2011-10-21 02:06:50 +0200
  • 60bf298 Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall by Gregory Colpart 2011-08-29 14:45:47 +0200
  • 2495c32 Remove limit on ICMP pings... by Gregory Colpart 2011-08-29 14:45:14 +0200
  • 94473ad Add a new default IP address by Gregory Colpart 2011-08-28 19:32:13 +0200
  • 14a220a We authorize now all NTP traffic by default by Gregory Colpart 2011-07-14 15:23:04 +0200
  • 1a17dae Fix a bug with var name, and remove _ (uniformization) by Gregory Colpart 2011-06-03 11:53:51 +0200
  • 053f3d9 Modify default NTP address by Gregory Colpart 2011-05-06 14:43:14 +0200
  • a46b978 Allow all DNS requests by default by Gregory Colpart 2011-04-19 15:51:15 +0200
  • afde581 Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall by Gregory Colpart 2011-04-02 12:14:16 +0200
  • 47fd56a Improve copyright and infos by Gregory Colpart 2011-04-02 12:12:49 +0200
  • 27fe121 Open HTTPS by default by Gregory Colpart 2011-04-02 11:48:19 +0200
  • 57135c9 Make minifirewall executable by Colin Darie 2011-03-25 19:10:06 +0100
  • 44739ce Added an example of cron script to daily reload iptables by Colin Darie 2011-03-25 19:08:45 +0100
  • 821af4d Added a SMTP_SECURE_OK rule (port 465) by Colin Darie 2011-03-25 19:02:45 +0100
  • fc4f819 Fix warning about a deprecated iptable syntax by Colin Darie 2011-03-25 18:52:28 +0100