Commit graph

  • 275a4c5bab Add macro for backup servers Jérémy Lecour 2021-05-26 13:12:15 +0200
  • 9be97b2436 store includes in /etc/minifirewall.d Jérémy Lecour 2021-05-26 13:09:50 +0200
  • 800448ff97 update version Jérémy Lecour 2021-05-22 23:22:31 +0200
  • dfc91a0689 syntax and readability Jérémy Lecour 2021-05-22 23:14:40 +0200
  • 773d7086fc source configuration with functions Jérémy Lecour 2021-05-22 23:14:27 +0200
  • c9eecabdf8 more expressive variable names Jérémy Lecour 2021-05-22 23:13:00 +0200
  • e071610a37 check for commands Jérémy Lecour 2021-05-22 23:12:09 +0200
  • 9477d47938 Use function to test ipv6 and docker Jérémy Lecour 2021-05-22 22:46:02 +0200
  • 597042ebf7 more expressive variable names Jérémy Lecour 2021-05-22 22:45:48 +0200
  • c4f9e78677 all variables must be defined Jérémy Lecour 2021-05-22 22:44:47 +0200
  • 372ad8f1d1 whitespaces Jérémy Lecour 2021-05-22 09:46:22 +0200
  • 8eb0180b51 compact syntax for loops Jérémy Lecour 2021-05-22 09:41:29 +0200
  • a3ab1a4f2e variables with better names Jérémy Lecour 2021-05-22 09:35:51 +0200
  • e02be5b852 Surround variable names with curly braces Jérémy Lecour 2021-05-22 09:34:35 +0200
  • 9a9fc7fd44 squid command seems obsolete Jérémy Lecour 2021-05-22 09:23:31 +0200
  • 72e3729a78 Extract main functions Jérémy Lecour 2021-05-22 09:23:14 +0200
  • c48534146a Source files in /etc/default/minifirewall.d Jérémy Lecour 2021-05-22 09:11:49 +0200
  • 9898ff9e62 Put our IPs back in the TRUSTEDIPS variable Jérémy Dubois 2021-02-05 15:25:28 +0100
  • 80307172af Remove volatile.debian.org from HTTPSITES Jérémy Lecour 2021-01-14 08:16:50 +0100
  • 7126d70982 Update copyright and add version number Jérémy Lecour 2020-12-01 22:55:59 +0100
  • a432511b04 Add per host output authorization capability nftables Tristan PILAT 2020-11-18 18:10:27 +0100
  • c59e63d44d fixup! Update/Add section titles Tristan PILAT 2020-11-18 18:01:35 +0100
  • 86ffdfc916 Accept any ICMPv6 input traffic Tristan PILAT 2020-11-18 18:01:09 +0100
  • 36634a705f We have to accept output ICMP and IGMP since we drop output traffic by default Tristan PILAT 2020-11-18 18:00:01 +0100
  • ba865faf0a Add IPv6 compatibility Tristan PILAT 2020-11-18 17:56:11 +0100
  • ab2a7e9eb0 Let's use the new ip_type function Tristan PILAT 2020-11-18 17:52:35 +0100
  • 519a0f9c60 Add a function to tell whether an IP is a v4 or v6 one Tristan PILAT 2020-11-18 17:49:35 +0100
  • 520b8893f0 Delete drop rules for output since it is the default policy now Tristan PILAT 2020-11-18 17:47:54 +0100
  • 550af6e21f Change output default policy to drop Tristan PILAT 2020-11-18 17:46:41 +0100
  • 7a1adbdf39 Update/Add section titles Tristan PILAT 2020-11-18 17:45:52 +0100
  • 6bc1b75cd2 Update blacklist-countries.sh script to be used with nftables Tristan PILAT 2020-10-14 17:21:54 +0200
  • 1b19f7084b We need flags interval to be able to use CIDR notation in minifirewall_privileged_ips and minifirewall_trusted_ips sets Tristan PILAT 2020-10-14 17:21:00 +0200
  • 948a3aeeb2 We want to drop traffic coming to protected TCP/UDP ports Tristan PILAT 2020-10-14 17:18:03 +0200
  • 1c1d5480bc Add rules to redirect traffic from blocked IPs to protected_tcp_pots and protected_udp_ports chains Tristan PILAT 2020-10-14 17:16:17 +0200
  • 6a46ca716b Add a set for the blocked IP addresses Tristan PILAT 2020-10-14 17:14:23 +0200
  • 5af8fad976 It's easier to just accept all icmp Tristan PILAT 2020-10-14 16:49:23 +0200
  • 79f6d47a6c Remove commented and useless rules Tristan PILAT 2020-10-14 16:48:39 +0200
  • 5a907b1ce0 new policy for default ports: we close almost all to be sure that nothing works if we don't configure it / new default port opening policy: we close almost everything so that nothing, or almost nothing, works if we configure nothing Gregory Colpart 2020-09-22 16:59:39 +0200
  • 4781ef509c Don't prevent ICMP replies to go out and only drop TCP and UDP Tristan PILAT 2020-09-07 11:18:52 +0200
  • 5f4787d3fd Until we get a nftables version of the Docker rules present for iptables, remove iptables commented out part for Docker. Tristan PILAT 2020-09-07 11:17:34 +0200
  • c7d0d6820b Simplification of the input ICMP and IGMP rules Tristan PILAT 2020-09-07 11:14:07 +0200
  • 9169a9f0b0 Include rules in the if statements + add comments for every output rule Tristan PILAT 2020-08-31 17:08:30 +0200
  • 585c16c92e minifirewall script has been renamed to minifirewall-{start,stop}.sh Tristan PILAT 2020-08-31 09:48:48 +0200
  • 286fe62de5 Add initial work for output filtering Tristan PILAT 2020-08-31 09:47:35 +0200
  • ba193f22fa Change public SSH port from 2222 to 22222 Jérémy Lecour 2020-08-28 18:26:59 +0200
  • 129b323f80 First nftables version of minifirewall Tristan PILAT 2020-08-24 16:59:15 +0200
  • 3bcaee5b58 Merge pull request 'Docker handling' (#5) from docker into master Ludovic Poujol 2020-07-27 10:43:26 +0200
  • 7c384a777b Better handling of Docker to match the usual minifirewall behaviour docker Ludovic Poujol 2020-07-02 17:48:22 +0200
  • c7c5e9814a WIP: Added a way to block ASNs and IPs with ipset ipset-denylist Benoît S. 2020-07-22 10:31:47 +0900
  • 0ec2cb2f4b Make it compatible with docker Ludovic Poujol 2020-02-21 16:33:15 +0100
  • 30041b8949 Fix IPV6 var not being defined on stop Ludovic Poujol 2020-02-21 16:26:41 +0100
  • 60ca9f67b2 Update project URL in comment Ludovic Poujol 2020-02-17 10:54:01 +0100
  • 4cce49988b Full IPv6 support dev Victor LABORIE 2017-03-17 15:44:22 +0100
  • 42e18e57fd Add a Vagrantfile for testing Victor LABORIE 2019-06-04 17:43:26 +0200
  • 326547fba3 Fix typo in install doc Victor LABORIE 2019-06-04 17:40:26 +0200
  • e80979e04d Minifirewall is now under GPLv3 license Victor LABORIE 2019-06-04 16:53:34 +0200
  • 6846263daa Update README.md Victor LABORIE 2019-06-04 16:48:27 +0200
  • 979b7e2d03 Add missing variables in SMTPSECUREOK and SMTPOK loops Tristan PILAT 2018-08-28 15:39:58 +0200
  • 9ebb5fe748 Add security-cdn.debian.org to HTTPSITES whitelist Romain Dessort 2018-01-29 11:22:46 -0500
  • b3b58a90cd Use a better method to install files debian-sid Benoît S. 2017-08-05 23:02:14 +0200
  • fd49d009b6 Do not use dh_install. Benoît S. 2017-08-05 22:35:03 +0200
  • b57bf34430 dpkg-source --commit add PACKAGING.md Benoît S. 2017-08-05 22:03:09 +0200
  • 30a3d605e1 Packaging branch Benoît S. 2017-08-05 21:59:04 +0200
  • f21d58f870 Add a systemd unit systemd Victor LABORIE 2017-08-03 20:22:04 +0200
  • 0450c12f5d Merge branch 'ocsp-letsencrypt' Jérémy Lecour 2017-05-16 09:59:47 +0200
  • afdfc00a67 Add letsencrypt in HTTPSITES Jérémy Lecour 2017-05-16 09:58:16 +0200
  • dba28b0679 Remove obsolete srv domain Victor LABORIE 2016-08-09 12:40:14 +0200
  • 164d727e8e Remove obsolete IP addr Gregory Colpart 2015-12-07 17:19:35 +0100
  • b6a47dea0d Added quote to $IPV6 variables. Benoît S. 2015-10-21 10:45:39 +0200
  • 02d6447a10 Fix bug with IPv6. Tristan PILAT 2015-10-19 10:59:00 +0200
  • 4864872586 Rename README -> README.md for Redmine / Github Gregory Colpart 2015-09-13 20:40:56 +0200
  • 2943a7d58c Improve output messages Gregory Colpart 2015-09-13 20:31:04 +0200
  • 52f177303c Fix bug in old config detection Gregory Colpart 2015-09-13 20:21:55 +0200
  • 4ea10ccc83 Improve configuration file Gregory Colpart 2015-09-13 20:13:05 +0200
  • 2f561a6172 Improve descriptions / comments (switch all in english, etc.) Gregory Colpart 2015-09-13 18:37:53 +0200
  • 9579cfe991 Fix #1565. Use now /etc/default/minifirewall for config file! Gregory Colpart 2015-09-13 17:14:32 +0200
  • 6bc560b66a Add default rule for IPv6 DNS responses Gregory Colpart 2015-03-13 01:55:13 +0100
  • 283ff1161f Added SpamAssassin update repo URLs. Benoît S. 2015-01-20 17:16:42 +0100
  • 2d2fded0ac use same syntax for all ip6tables rules Gregory Colpart 2015-01-12 20:54:17 +0100
  • ebbee1ac84 Modify URL to track country ip blocks Gregory Colpart 2015-01-12 20:45:27 +0100
  • ec0b8ffef5 Added to HTTPSITES zidane and antismap00. Benoît S. 2015-01-02 14:07:17 +0100
  • 5525ff343f Adding new IP address for Evolix Arnaud Tomeï 2014-12-24 16:23:05 +0100
  • d452c16bc6 Duplicate rule Gregory Colpart 2014-09-11 23:33:33 +0200
  • f3674af0db Allow Input DNS on IPv6. Benoît S. 2014-07-25 14:21:42 +0200
  • 5275f8d7e2 Moves rules from firewall.rc to minifirewall core. Benoît S. 2014-05-22 17:38:00 +0200
  • 57ae4df6e7 Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall Romain Dessort 2014-05-09 11:09:52 +0200
  • 0eda844bba Add delegated CIDR for AFRINIC and LACNIC. Romain Dessort 2014-05-09 11:08:32 +0200
  • 705c4683a2 Allow all output on lo interface for IPv6. Benoît S. 2014-03-12 16:22:15 +0100
  • ce1d628516 Adding rules for DHCPv6. Benoît S. 2013-12-13 11:22:27 +0100
  • 8ed3c722ce Adding hwraid.le-vert.net in HTTPSITES Benoît S. 2013-10-31 14:11:07 +0100
  • 6c162c516b Fixing typo in HTTPSITES. Benoît S. 2013-06-07 14:43:54 +0200
  • 6df7c86ccf Add http://backports.debian.org by default Gregory Colpart 2013-05-06 16:07:53 +0200
  • 7d3d928e02 Improve new UDP rules to DROP by default Gregory Colpart 2012-11-14 00:55:35 +0100
  • ec14ee9f3e Last committer removed the IPv4 UDP rules?! Re-adding. Benoît S. 2012-11-09 10:05:34 +0100
  • f84add886a Merge branch 'master' of ssh://git.evolix.org/git/evolinux/minifirewall Gregory Colpart 2012-10-29 12:28:55 +0100
  • f714700623 Allow SMTP IPv6 Gregory Colpart 2012-10-29 12:25:41 +0100
  • 7795b715e6 Add rules to open traceroute UDP port. Romain Dessort 2012-10-24 10:32:05 +0200
  • b57dddf917 By default allow outgoing packets on loopback. This is needed since the new policy of dropping all outgoing UDP packets, especially when there is a local bind. Benoît S. 2012-10-08 16:19:22 +0200
  • 44bb5925eb Amelioration added for blocking output UDP. Benoît S. 2012-10-03 14:21:04 +0200
  • b5412ce98a Adding rules to block outgoing UDP traffic except for DNS and NTP. Benoît S. 2012-08-22 16:21:28 +0200