Simple and flexible firewall for Linux server
Tristan PILAT a432511b04 Add per host output autorisation capability 2020-11-18 18:10:27 +01:00
.gitignore Add a Vagrantfile for testing 2019-06-04 17:43:26 +02:00
LICENSE Minifirewall is now under GPLv3 license 2019-06-04 16:53:34 +02:00
README.md First nftables version of minifirewall 2020-08-24 16:59:15 +02:00
Vagrantfile Add a Vagrantfile for testing 2019-06-04 17:43:26 +02:00
blacklist-countries.sh Update blacklist-countries.sh script to be used with nftables 2020-10-14 17:21:54 +02:00
cron_minifirewall Added an example of cron script to daily reload iptables 2011-04-02 12:01:58 +02:00
minifirewall-start.sh Add per host output autorisation capability 2020-11-18 18:10:27 +01:00
minifirewall-stop.sh First nftables version of minifirewall 2020-08-24 16:59:15 +02:00
minifirewall.conf Add per host output autorisation capability 2020-11-18 18:10:27 +01:00
minifirewall.service First nftables version of minifirewall 2020-08-24 16:59:15 +02:00
ripe.sh Add delegated CIDR for AFRINIC and LACNIC. 2014-05-09 11:08:32 +02:00

README.md

Minifirewall

Minifirewall is a set of shell scripts for easy firewalling on a standalone server. It uses nftables (https://wiki.nftables.org/), designed for recent Linux kernels. See https://gitea.evolix.org/evolix/minifirewall

Install

install -m 0700 minifirewall.service /etc/systemd/system/minifirewall.service
install -m 0700 minifirewall-start.sh /usr/local/sbin/minifirewall-start.sh
install -m 0700 minifirewall-stop.sh /usr/local/sbin/minifirewall-stop.sh
install -m 0600 minifirewall.conf /etc/default/minifirewall

Config

Edit the /etc/default/minifirewall file:

  • If your interface is not eth0, change the INT variable
  • Modify the INTLAN variable, probably with your IP/32 or your local network if you trust it
  • Set your trusted and privileged IP addresses in the TRUSTEDIPS and PRIVILEGIEDIPS variables
  • Authorize your +public+ services with the SERVICESTCP1 and SERVICESUDP1 variables
  • Authorize your +semi-public+ services (only for TRUSTEDIPS and PRIVILEGIEDIPS) with the SERVICESTCP2 and SERVICESUDP2 variables
  • Authorize your +private+ services (only for TRUSTEDIPS) with the SERVICESTCP3 and SERVICESUDP3 variables
  • Configure your authorizations for external services: DNS, HTTP, HTTPS, SMTP, SSH, NTP
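
The three service tiers above can be checked before a reload with a small audit helper. This is an added example, not part of minifirewall: the function names are hypothetical, the values are constructed samples, and it assumes each variable holds a space-separated list of ports or exact IP addresses (no CIDR matching).

```shell
#!/bin/sh
# Added example: models the README's three TCP service tiers for auditing.
# Assumption: space-separated lists; the sample values below are constructed.
# In practice they would come from /etc/default/minifirewall.
TRUSTEDIPS='192.0.2.10 192.0.2.11'
PRIVILEGIEDIPS='198.51.100.7'
SERVICESTCP1='80 443'      # public
SERVICESTCP2='22'          # semi-public: TRUSTEDIPS and PRIVILEGIEDIPS
SERVICESTCP3='5666 22'     # private: TRUSTEDIPS only (22 duplicated on purpose)

# in_list ITEM LIST: succeed if ITEM is one of the words in LIST
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# tcp_exposure PORT: print the widest audience that can reach PORT
tcp_exposure() {
    if in_list "$1" "$SERVICESTCP1"; then echo public
    elif in_list "$1" "$SERVICESTCP2"; then echo semi-public
    elif in_list "$1" "$SERVICESTCP3"; then echo private
    else echo closed
    fi
}

# tcp_allowed SRC_IP PORT: succeed if the tier rules admit SRC_IP on PORT
tcp_allowed() {
    case "$(tcp_exposure "$2")" in
        public) return 0 ;;
        semi-public) in_list "$1" "$TRUSTEDIPS" || in_list "$1" "$PRIVILEGIEDIPS" ;;
        private) in_list "$1" "$TRUSTEDIPS" ;;
        *) return 1 ;;
    esac
}

# tcp_overlaps: print ports listed in more than one tier. In this model the
# widest listing applies, so such a port is more exposed than its narrowest
# entry suggests.
tcp_overlaps() {
    for p in $SERVICESTCP3; do
        if in_list "$p" "$SERVICESTCP1 $SERVICESTCP2"; then echo "$p"; fi
    done
    for p in $SERVICESTCP2; do
        if in_list "$p" "$SERVICESTCP1"; then echo "$p"; fi
    done
}

for port in 443 22 5666 25; do echo "tcp/$port: $(tcp_exposure "$port")"; done
echo "ports in more than one tier: $(tcp_overlaps)"
```

Here port 22 is reported as semi-public even though it also appears in SERVICESTCP3, which is the kind of mismatch worth catching before the rules are loaded.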

Usage

systemctl start/stop/restart minifirewall.service

If you want to add minifirewall to the boot sequence:

systemctl enable minifirewall

License

This is an Evolix project and is licensed under the GPLv3, see the LICENSE file for details.