Jérôme Schneider
5dcff45f98
ferm: don't filter input by interface but only by ip
...
This allows VMs to talk to the host (Closes #6251 )
2015-01-07 15:20:36 +01:00
Jérôme Schneider
e7acd24479
ferm: accept ldap and ldaps output for the VMs
2015-01-07 15:20:36 +01:00
Thomas NOËL
0cff6770c3
include-by-hostname hack
2014-12-02 16:20:06 +01:00
Thomas NOËL
0222d53f28
add ferm.conf example/draft
2014-12-02 14:14:36 +01:00
Jérôme Schneider
3cf8765d97
replace ALLOW_WAN_OUTOUT_EVERYWHERE by ALLOW_WAN_OUTPUT_EVERYWHERE
...
WARNING: this commit change a firewall.conf variable you need to
change it from existing configurations
2014-02-12 14:33:13 +01:00
Thomas NOËL
a387b1a903
I believe in conntracker.
2014-02-12 14:28:25 +01:00
Jérôme Schneider
62f1db1a45
firewall.conf: put a real wan ip in configuration example
2014-02-07 15:38:34 +01:00
Jérôme Schneider
88e1bfbfde
Disable old protections against spoofing, scan port, Xmas Tree, null scanning, SYN/RST and SYN/FIN
2014-02-03 10:45:25 +01:00
Jérôme Schneider
8e43c63cc0
eofirewall: exit 0 and not 1 if configuration doesn't exist
2014-02-03 10:15:15 +01:00
Jérôme Schneider
5150b0a747
eofirewall: don't use interface for natting
2014-02-03 10:00:25 +01:00
Jérôme Schneider
d0cfb0e12d
replace log_daemon_msg by log_action_msg
2013-11-22 10:38:36 +01:00
Jérôme Schneider
f39de51a51
eofirewall: fix open_port call
2013-11-22 10:18:26 +01:00
Jérôme Schneider
0129cf55db
Imrpoving cleaning and prefix all chains with EO-X
2013-11-15 16:14:12 +01:00
Jérôme Schneider
d94d57056f
Makefile: rename rsyslog.conf to eofirewall.conf
2013-11-15 16:13:45 +01:00
Jérôme Schneider
5cf9c1039f
eofirewall: implement output filters
2013-11-15 12:05:40 +01:00
Jérôme Schneider
033410319d
Update documentation
2013-11-15 11:21:15 +01:00
Jérôme Schneider
bcc798bcbd
eofirewall is not an init script anymore
2013-11-15 10:31:30 +01:00
Jérôme Schneider
7c7a1ee5cb
Fix Makefile
2013-11-14 19:07:47 +01:00
Jérôme Schneider
5cc34f7b41
firewall: use users chains everywhere
2013-11-14 18:56:58 +01:00
Jérôme Schneider
39fb640472
Delete debian folder now useless
2013-11-09 10:58:08 +01:00
Jérôme Schneider
0f5623e4ce
Update Makefile for eobuilder
2013-11-09 10:56:04 +01:00
Jérôme Schneider
88b757a9dc
temp commit
2013-11-09 10:46:09 +01:00
Jérôme Schneider
11827cd6d1
firewall: use multiports instead of openning port by port
2013-08-30 19:41:20 +02:00
Jérôme Schneider
bb7b95c78d
firewall: improve whitelist support and port knocking support
2013-07-23 10:27:01 +02:00
Jérôme Schneider
2d30350106
Improve LAN management
2011-08-03 12:02:59 +02:00
Jérôme Schneider
710b80e89f
Use lsb init messages
2011-07-04 19:07:54 +02:00
Frédéric Péters
3308d21135
Use functions from lsb to display messages
2011-06-24 11:41:18 +02:00
Jérôme Schneider
584c4b8aa6
Use local variable instead of global
2011-06-23 16:53:25 +02:00
Jérôme Schneider
0749affec5
Fix port knocking and config test
...
* Fix multiple port knocking
* Fix config test
* Move firewall.conf to firewall.conf.template
* Clean start messages
* New deb entry
2011-06-23 14:56:41 +02:00
Jérôme Schneider
66c6cc3853
Avoid log flood
2011-06-22 15:47:23 +02:00
Jérôme Schneider
1c466fdf89
add an example for the ssh whitelist
2011-06-21 19:34:59 +02:00
Jérôme Schneider
79b094e5c4
Fix WAN outgoing traffic from lan
2011-06-21 19:18:54 +02:00
Jérôme Schneider
8826481a8e
Fix deb version
2011-06-21 17:57:46 +02:00
Jérôme Schneider
47cd469b54
New deb version
2011-06-21 17:55:28 +02:00
Jérôme Schneider
0440531e2f
Add a whitelist for ssh, port knocking set to 15 seconds and move the config to /etc/firewall
2011-06-21 17:54:06 +02:00
Jérôme Schneider
e8fe286563
port knocking: open only 6 seconds
2011-06-21 15:44:32 +02:00
Jérôme Schneider
ec75d05e47
Fix port knocking and deb entry
2011-06-21 15:26:05 +02:00
Jérôme Schneider
6a34b1697e
Add port knocking and support save and load rules
...
* Support port knocking
* Add a test option
* Add save and load of the rules
* Modify states to support last iptables version
* Add logrotate support for the Debian packages
2011-06-21 14:21:52 +02:00
Jérôme Schneider
b4601423a0
Fix configuration file: remove empty value
2011-05-09 23:03:08 +02:00
Jérôme Schneider
60424d5513
deb: new entry
2011-05-09 22:52:13 +02:00
Jérôme Schneider
de369b6a3e
Improve firewall:
...
* Using SNAT instead of DNAT
* Finish new configuration file
* Add test
2011-05-09 22:44:46 +02:00
Jérôme Schneider
1785bd3b8f
Fix open ports and cleaning default firewall.conf
2011-03-16 21:01:07 +01:00
Jérôme Schneider
9df7935f90
Hudge improvements
...
* Change config syntax
* Add a lot of test
* Support destination to open a port
2011-03-16 20:46:03 +01:00
Jérôme Schneider
8a79bdbdec
Fix ! position
2011-03-08 11:44:29 +01:00
Jérôme Schneider
471bbe992e
Fix makefile
2011-03-07 19:39:02 +01:00
Jérôme Schneider
fbe9518780
eofirewall debian pakage is ready
2011-03-07 19:38:00 +01:00
Jérôme Schneider
499b1db1f6
Rename firewall to eofirewall and add a minimal makefile
2011-03-07 18:12:12 +01:00