Minifirewall is a set of shell scripts for easy firewalling on a standalone server. It uses netfilter/iptables (http://netfilter.org/) and is designed for recent Linux kernels. See https://gitea.evolix.org/evolix/minifirewall
install --mode 0700 minifirewall /etc/init.d/minifirewall
install --mode 0600 minifirewall.conf /etc/default/minifirewall
mkdir --mode 0700 /etc/minifirewall.d
Edit the /etc/default/minifirewall file:
- If your interface is not eth0, change the INT variable
- If you don't use IPv6, set IPv6='off'
- Modify the INTLAN variable, probably with your <IP>/32, or with your local network if you trust it
- Set your trusted and privileged IP addresses in the TRUSTEDIPS and PRIVILEGIEDIPS variables
- Authorize your public services with the SERVICESTCP1 and SERVICESUDP1 variables
- Authorize your semi-public services (only for TRUSTEDIPS and PRIVILEGIEDIPS) with the SERVICESTCP2 and SERVICESUDP2 variables
- Authorize your private services (only for TRUSTEDIPS) with the SERVICESTCP3 and SERVICESUDP3 variables
- Configure your authorizations for external services: DNS, HTTP, HTTPS, SMTP, SSH, NTP
- Add your specific rules
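The three tiers above decide who reaches which port, and the usual way to discover a mistake is to lock yourself out after a restart. The following pre-restart check is an added example, not part of minifirewall: it sources a config that uses the variable names above and answers whether a given admin address would still reach a given TCP port. It assumes space-separated lists and matches addresses only as exact entries (a.b.c.d or a.b.c.d/32), without expanding CIDR ranges; the sample config it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Pre-restart sanity check for a minifirewall config (added example, not
# part of minifirewall).  A TCP port is considered reachable from ADMIN_IP
# when it is in SERVICESTCP1 (public), in SERVICESTCP2 with the address in
# TRUSTEDIPS or PRIVILEGIEDIPS (semi-public), or in SERVICESTCP3 with the
# address in TRUSTEDIPS (private).
# Assumptions: lists are space separated; addresses match as exact entries
# ("a.b.c.d" or "a.b.c.d/32"); CIDR ranges are not expanded.

# in_list WORD LIST -> 0 if WORD is one of the space-separated items of LIST
in_list() {
    for w in $2; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

# ip_listed IP LIST -> 0 if IP or IP/32 is an entry of LIST
ip_listed() {
    in_list "$1" "$2" || in_list "$1/32" "$2"
}

# port_reachable CONF ADMIN_IP PORT -> 0 reachable, 1 blocked, 2 bad config
port_reachable() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    . "$1"                                  # load the shell-style config
    [ -n "$INT" ] || { echo "INT is empty in $1" >&2; return 2; }
    in_list "$3" "$SERVICESTCP1" && return 0               # public tier
    if in_list "$3" "$SERVICESTCP2"; then                  # semi-public tier
        ip_listed "$2" "$TRUSTEDIPS" && return 0
        ip_listed "$2" "$PRIVILEGIEDIPS" && return 0
    fi
    if in_list "$3" "$SERVICESTCP3"; then                  # private tier
        ip_listed "$2" "$TRUSTEDIPS" && return 0
    fi
    return 1
}

# make_sample_conf FILE: writes a constructed config (sample values only)
make_sample_conf() {
    cat > "$1" <<'EOF'
INT='eth0'
IPv6='off'
INTLAN='192.0.2.10/32'
TRUSTEDIPS='198.51.100.5 198.51.100.6/32'
PRIVILEGIEDIPS='203.0.113.7'
SERVICESTCP1='80 443'
SERVICESTCP2='8080'
SERVICESTCP3='22 5432'
EOF
}
```

Before a restart, run port_reachable /etc/default/minifirewall <your admin IP> 22 and abort if it does not return 0.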
To use minifirewall with Docker, set the variable DOCKER='on'.
The authorizations for public/semi-public/private ports then also apply to dockerized services.
WARNING: when the port mapping on the host differs from the port in the container (e.g. the host listens on :8090 while the service in the container listens on :8080), you must use the port used by the container (e.g. 8080) in the public/semi-public/private port lists.
/etc/init.d/minifirewall start/stop/restart
If you want to add minifirewall to the boot sequence, add the start command to /usr/share/scripts/alert5.
This is an Evolix project and is licensed under the GPLv3, see the LICENSE file for details.