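# Configuration for minifirewall : https://forge.evolix.org/projects/minifirewall
# Shell-style assignments: NAME='value', with no spaces around '='.

# Main interface
# NOTE(review): 'eth0' is only a default name; confirm it matches the
# network interface of this host before loading the rules.
INT='eth0'

# IPv6
# NOTE(review): the address lists below and the semi-public/private service
# classes in this file are labelled IPv4 only. With IPv6 on, check that what
# is reachable over IPv6 is what you intend.
IPV6=on

# Docker Mode
# Changes the behaviour of minifirewall to not break the containers' network
# For instance, turning it on will disable nat table purge
# Also, we'll add the DOCKER-USER chain, in iptables
DOCKER='off'

# Trusted IPv4 local network
# ...will often be IP/32 if you don't trust anything
# A wider prefix here extends that trust to every host in the range.
INTLAN='192.168.0.2/32'

# Trusted IPv4 addresses for private and semi-public services
# Presumably space-separated, like the other lists in this file.
# Empty: no address is listed as trusted. Prefer single hosts over wide
# ranges, since every entry reaches both service classes named above.
TRUSTEDIPS=''

# Privileged IPv4 addresses for semi-public services
# (no need to add TRUSTEDIPS again)
PRIVILEGEDIPS=''

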
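# Local services IPv4/IPv6 restrictions
#######################################
# Inbound port lists, one TCP and one UDP variable per exposure class.
# Ports are space-separated; an empty value lists no port for that class.

# Protected services
# (add also in Public services if needed)
# NOTE(review): this file does not show how "protected" ports are filtered;
# confirm in the minifirewall script before relying on it to restrict TCP/22.
SERVICESTCP1p='22'
SERVICESUDP1p=''

# Public services (IPv4/IPv6)
# "Public" presumably means open to any source address, and this is the only
# class labelled IPv6 as well: list only ports that really must be public.
# NOTE(review): 2222 is not a standard service port; confirm what listens on it.
SERVICESTCP1='25 53 443 993 995 2222'
SERVICESUDP1='53'

# Semi-public services (IPv4)
# Per the address-list comments earlier in this file, this class is the one
# opened to TRUSTEDIPS and PRIVILEGEDIPS.
# 20/21 (FTP), 80 (HTTP), 110 (POP3) and 143 (IMAP) can carry credentials in
# cleartext; drop the ports this host does not actually serve.
SERVICESTCP2='20 21 22 80 110 143'
SERVICESUDP2=''

# Private services (IPv4)
# Per the TRUSTEDIPS comment earlier in this file, this class is for trusted
# addresses. 5666 is the conventional NRPE (monitoring agent) port.
SERVICESTCP3='5666'
SERVICESUDP3=''

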
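# Standard output IPv4 access restrictions
##########################################
# Destinations this host may contact, per protocol. '0.0.0.0/0' allows any
# IPv4 destination; an empty value lists none. Narrow egress lists limit what
# the host can reach if it is ever compromised.

# DNS authorizations
# (if you have local DNS server, set 0.0.0.0/0)
# A local recursive resolver has to query arbitrary servers, hence 0.0.0.0/0;
# if the host only uses fixed upstream resolvers, list just those.
DNSSERVEURS='0.0.0.0/0'

# HTTP authorizations
# (you can use DNS names but set cron to reload minifirewall regularly)
# (if you have HTTP proxy, set 0.0.0.0/0)
# NOTE(review): names are presumably resolved when the rules are loaded, which
# is why a periodic reload is advised. Prune hostnames that are no longer used.
HTTPSITES='security.debian.org pub.evolix.net security-cdn.debian.org volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org ocsp.int-x3.letsencrypt.org'

# HTTPS authorizations
# Any destination is allowed here, unlike the HTTP list above; narrow it if
# this host only needs a known set of HTTPS endpoints.
HTTPSSITES='0.0.0.0/0'

# FTP authorizations
FTPSITES=''

# SSH authorizations
# Outbound SSH to any destination; restrict to the hosts this server really
# connects to when that set is known.
SSHOK='0.0.0.0/0'

# SMTP authorizations
# Outbound SMTP to any destination; on a host that is not a mail server,
# listing only its relay is tighter.
SMTPOK='0.0.0.0/0'

# SMTP secure authorizations (ports TCP/465 and TCP/587)
SMTPSECUREOK=''

# NTP authorizations
NTPOK='0.0.0.0/0'

# Per host output authorizations (IP!Port)
# The addresses in the example are from the 203.0.113.0/24 documentation range.
# OUTPUTOK='203.0.113.1!42 203.0.113.2!43'
OUTPUTOK=''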