minifirewall

Installation

# wget "https://forge.evolix.org/projects/minifirewall/repository/revisions/master/raw/minifirewall" -q -O /etc/init.d/minifirewall
# wget "https://forge.evolix.org/projects/minifirewall/repository/revisions/master/raw/minifirewall.conf" -q -O /etc/default/minifirewall
# chmod 700 /etc/init.d/minifirewall ; chmod 600 /etc/default/minifirewall

Configuration

Edit the /etc/default/minifirewall file:

  • If your interface is not eth0, change the INT variable
  • If you don't use IPv6, set IPv6=off
  • Modify the INTLAN variable, probably with your IP/32 or your local network if you trust it
  • Set your trusted and privileged IP addresses in the TRUSTEDIPS and PRIVILEGIEDIPS variables
  • Authorize your public services with the SERVICESTCP1 and SERVICESUDP1 variables
  • Authorize your semi-public services (only for TRUSTEDIPS and PRIVILEGIEDIPS) with the SERVICESTCP2 and SERVICESUDP2 variables
  • Authorize your private services (only for TRUSTEDIPS) with the SERVICESTCP3 and SERVICESUDP3 variables
  • Configure your authorizations for external services: DNS, HTTP, HTTPS, SMTP, SSH, NTP
  • Add your specific rules
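
The three TCP service tiers described above, modelled as a small shell function so the effect of a configuration can be checked before it is loaded. This is an added example, not minifirewall's own code: the addresses and ports are constructed, sources are matched by exact string (no CIDR handling), and ports that appear in no tier are assumed to be dropped.

```shell
#!/bin/sh
# Constructed sample values (RFC 5737 documentation addresses), written
# as space-separated lists; this list format is an assumption.
TRUSTEDIPS='192.0.2.10 192.0.2.11'
PRIVILEGIEDIPS='198.51.100.20'
SERVICESTCP1='25 80 443'   # public: open to everyone
SERVICESTCP2='22'          # semi-public: TRUSTEDIPS and PRIVILEGIEDIPS
SERVICESTCP3='5666'        # private: TRUSTEDIPS only

# in_list WORD LIST: succeed if WORD is one of the items in LIST.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# tcp_verdict SRC PORT: print "accept" or "drop" for an inbound TCP
# connection according to the three tiers.
tcp_verdict() {
    src=$1 port=$2
    if in_list "$port" "$SERVICESTCP1"; then
        echo accept; return
    fi
    if in_list "$port" "$SERVICESTCP2" &&
       { in_list "$src" "$TRUSTEDIPS" || in_list "$src" "$PRIVILEGIEDIPS"; }; then
        echo accept; return
    fi
    if in_list "$port" "$SERVICESTCP3" && in_list "$src" "$TRUSTEDIPS"; then
        echo accept; return
    fi
    echo drop   # assumed default for anything not listed
}

# A privileged address reaches the semi-public tier but not the private one.
tcp_verdict 198.51.100.20 22
tcp_verdict 198.51.100.20 5666
```
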

Usage

# /etc/init.d/minifirewall start/stop/restart

If you want to add minifirewall to the boot sequence:

# insserv /etc/init.d/minifirewall