Commit Graph

47 Commits

Author SHA1 Message Date
Jérôme Schneider 5dcff45f98 ferm: don't filter input by interface but only by ip
This allows VMs to talk to the host (Closes #6251)
2015-01-07 15:20:36 +01:00
Jérôme Schneider e7acd24479 ferm: accept ldap and ldaps output for the VMs 2015-01-07 15:20:36 +01:00
Thomas NOËL 0cff6770c3 include-by-hostname hack 2014-12-02 16:20:06 +01:00
Thomas NOËL 0222d53f28 add ferm.conf example/draft 2014-12-02 14:14:36 +01:00
Jérôme Schneider 3cf8765d97 replace ALLOW_WAN_OUTOUT_EVERYWHERE by ALLOW_WAN_OUTPUT_EVERYWHERE
WARNING: this commit changes a firewall.conf variable; you need to
change it in existing configurations
2014-02-12 14:33:13 +01:00
Thomas NOËL a387b1a903 I believe in conntracker. 2014-02-12 14:28:25 +01:00
Jérôme Schneider 62f1db1a45 firewall.conf: put a real wan ip in configuration example 2014-02-07 15:38:34 +01:00
Jérôme Schneider 88e1bfbfde Disable old protections against spoofing, scan port, Xmas Tree, null scanning, SYN/RST and SYN/FIN 2014-02-03 10:45:25 +01:00
Jérôme Schneider 8e43c63cc0 eofirewall: exit 0 and not 1 if configuration doesn't exist 2014-02-03 10:15:15 +01:00
Jérôme Schneider 5150b0a747 eofirewall: don't use interface for natting 2014-02-03 10:00:25 +01:00
Jérôme Schneider d0cfb0e12d replace log_daemon_msg by log_action_msg 2013-11-22 10:38:36 +01:00
Jérôme Schneider f39de51a51 eofirewall: fix open_port call 2013-11-22 10:18:26 +01:00
Jérôme Schneider 0129cf55db Improving cleaning and prefix all chains with EO-X 2013-11-15 16:14:12 +01:00
Jérôme Schneider d94d57056f Makefile: rename rsyslog.conf to eofirewall.conf 2013-11-15 16:13:45 +01:00
Jérôme Schneider 5cf9c1039f eofirewall: implement output filters 2013-11-15 12:05:40 +01:00
Jérôme Schneider 033410319d Update documentation 2013-11-15 11:21:15 +01:00
Jérôme Schneider bcc798bcbd eofirewall is not an init script anymore 2013-11-15 10:31:30 +01:00
Jérôme Schneider 7c7a1ee5cb Fix Makefile 2013-11-14 19:07:47 +01:00
Jérôme Schneider 5cc34f7b41 firewall: use users chains everywhere 2013-11-14 18:56:58 +01:00
Jérôme Schneider 39fb640472 Delete debian folder now useless 2013-11-09 10:58:08 +01:00
Jérôme Schneider 0f5623e4ce Update Makefile for eobuilder 2013-11-09 10:56:04 +01:00
Jérôme Schneider 88b757a9dc temp commit 2013-11-09 10:46:09 +01:00
Jérôme Schneider 11827cd6d1 firewall: use multiports instead of opening port by port 2013-08-30 19:41:20 +02:00
Jérôme Schneider bb7b95c78d firewall: improve whitelist support and port knocking support 2013-07-23 10:27:01 +02:00
Jérôme Schneider 2d30350106 Improve LAN management 2011-08-03 12:02:59 +02:00
Jérôme Schneider 710b80e89f Use lsb init messages 2011-07-04 19:07:54 +02:00
Frédéric Péters 3308d21135 Use functions from lsb to display messages 2011-06-24 11:41:18 +02:00
Jérôme Schneider 584c4b8aa6 Use local variable instead of global 2011-06-23 16:53:25 +02:00
Jérôme Schneider 0749affec5 Fix port knocking and config test
* Fix multiple port knocking
* Fix config test
* Move firewall.conf to firewall.conf.template
* Clean start messages
* New deb entry
2011-06-23 14:56:41 +02:00
Jérôme Schneider 66c6cc3853 Avoid log flood 2011-06-22 15:47:23 +02:00
Jérôme Schneider 1c466fdf89 add an example for the ssh whitelist 2011-06-21 19:34:59 +02:00
Jérôme Schneider 79b094e5c4 Fix WAN outgoing traffic from lan 2011-06-21 19:18:54 +02:00
Jérôme Schneider 8826481a8e Fix deb version 2011-06-21 17:57:46 +02:00
Jérôme Schneider 47cd469b54 New deb version 2011-06-21 17:55:28 +02:00
Jérôme Schneider 0440531e2f Add a whitelist for ssh, port knocking set to 15 seconds and move the config to /etc/firewall 2011-06-21 17:54:06 +02:00
Jérôme Schneider e8fe286563 port knocking: open only 6 seconds 2011-06-21 15:44:32 +02:00
Jérôme Schneider ec75d05e47 Fix port knocking and deb entry 2011-06-21 15:26:05 +02:00
Jérôme Schneider 6a34b1697e Add port knocking and support save and load rules
* Support port knocking
* Add a test option
* Add save and load of the rules
* Modify states to support last iptables version
* Add logrotate support for the Debian packages
2011-06-21 14:21:52 +02:00
Jérôme Schneider b4601423a0 Fix configuration file: remove empty value 2011-05-09 23:03:08 +02:00
Jérôme Schneider 60424d5513 deb: new entry 2011-05-09 22:52:13 +02:00
Jérôme Schneider de369b6a3e Improve firewall:
* Using SNAT instead of DNAT
* Finish new configuration file
* Add test
2011-05-09 22:44:46 +02:00
Jérôme Schneider 1785bd3b8f Fix open ports and cleaning default firewall.conf 2011-03-16 21:01:07 +01:00
Jérôme Schneider 9df7935f90 Huge improvements
* Change config syntax
* Add a lot of tests
* Support destination to open a port
2011-03-16 20:46:03 +01:00
Jérôme Schneider 8a79bdbdec Fix ! position 2011-03-08 11:44:29 +01:00
Jérôme Schneider 471bbe992e Fix makefile 2011-03-07 19:39:02 +01:00
Jérôme Schneider fbe9518780 eofirewall debian package is ready 2011-03-07 19:38:00 +01:00
Jérôme Schneider 499b1db1f6 Rename firewall to eofirewall and add a minimal makefile 2011-03-07 18:12:12 +01:00