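# Configuration for minifirewall : https://forge.evolix.org/projects/minifirewall
#
# Plain VAR='value' assignments, one per line. List values are
# space-separated. Comments must sit on their own line: an assignment that
# follows a '#' on the same line is comment text and is never applied.

# Main interface
INT='eth0'

# IPv6
IPV6=on

# Docker Mode
# Changes the behaviour of minifirewall to not break the containers' network
# For instance, turning it on will disable nat table purge
# Also, we'll add the DOCKER-USER chain, in iptable
DOCKER='off'

# Trusted IPv4 local network
# ...will be often IP/32 if you don't trust anything
INTLAN='192.168.0.2/32'

# Trusted IPv4 addresses for private and semi-public services
# NOTE(review): empty here, and PRIVILEGEDIPS is empty too, so presumably no
# remote source is allowed to reach the semi-public/private ports below;
# confirm against the minifirewall script.
TRUSTEDIPS=''

# Privileged IPv4 addresses for semi-public services
# (no need to add again TRUSTEDIPS)
PRIVILEGEDIPS=''


# Local services IPv4/IPv6 restrictions
#######################################

# Protected services
# (add also in Public services if needed)
# NOTE(review): port 22 is listed here and again in SERVICESTCP2; which rule
# takes effect is decided by the minifirewall script, so verify the result
# before relying on it to limit SSH exposure.
SERVICESTCP1p='22'
SERVICESUDP1p=''

# Public services (IPv4/IPv6)
# Everything listed here is reachable from any source, over IPv6 as well
# (per the heading above), so keep the list to what must be public.
SERVICESTCP1='25 53 443 993 995 2222'
SERVICESUDP1='53'

# Semi-public services (IPv4)
# NOTE(review): 20/21 (FTP), 80 (HTTP), 110 (POP3) and 143 (IMAP) carry
# credentials in cleartext by default; keep the allowed sources tight.
SERVICESTCP2='20 21 22 80 110 143'
SERVICESUDP2=''

# Private services (IPv4)
# 5666 is the conventional NRPE (monitoring agent) port; presumably the
# monitoring host has to be added to TRUSTEDIPS to reach it.
SERVICESTCP3='5666'
SERVICESUDP3=''


# Standard output IPv4 access restrictions
##########################################

# DNS authorizations
# (if you have local DNS server, set 0.0.0.0/0)
DNSSERVEURS='0.0.0.0/0'

# HTTP authorizations
# (you can use DNS names but set cron to reload minifirewall regularly)
# (if you have HTTP proxy, set 0.0.0.0/0)
# NOTE(review): names are presumably resolved when the rules are loaded, so
# the effective allow-list is only as fresh and as trustworthy as the DNS
# answers obtained at that time.
HTTPSITES='security.debian.org pub.evolix.net security-cdn.debian.org volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org ocsp.int-x3.letsencrypt.org'

# HTTPS authorizations
# NOTE(review): 0.0.0.0/0 leaves outbound HTTPS unrestricted, so the
# HTTPSITES allow-list above constrains plain HTTP only. Narrow this value if
# egress filtering is meant to limit where the host can connect.
HTTPSSITES='0.0.0.0/0'

# FTP authorizations
FTPSITES=''

# SSH authorizations
# NOTE(review): outbound SSH to any destination; restrict to the hosts this
# server actually needs to reach where that list is known.
SSHOK='0.0.0.0/0'

# SMTP authorizations
# NOTE(review): outbound SMTP to any destination; if this host is not a mail
# server, limiting it to the relay(s) in use reduces abuse after a compromise.
SMTPOK='0.0.0.0/0'

# SMTP secure authorizations (ports TCP/465 and TCP/587)
SMTPSECUREOK=''

# NTP authorizations
NTPOK='0.0.0.0/0'

# Per host output authorizations (IP!Port)
# Example (documentation addresses, left commented out):
# OUTPUTOK='203.0.113.1!42 203.0.113.2!43'
OUTPUTOK=''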