Platon Technologies
open source software development celebrating 10 years of open source development! Friday, August 14, 2020

CVS log for scripts/shell/firewall/default-firewall.conf



Default branch: MAIN


Revision 2.37 / (download) - [select for diffs], Thu May 5 21:07:54 2016 UTC (4 years, 3 months ago) by rajo


Changes since 2.36: +4 -1 lines
Diff to previous 2.36 (colored)

map_subnet replaced by load_subnet

Revision 2.36 / (download) - [select for diffs], Fri Nov 18 23:26:18 2011 UTC (8 years, 8 months ago) by rajo

Changes since 2.35: +5 -3 lines
Diff to previous 2.35 (colored)

Optimization: ports can be separated by comma: single rule with -m multiport --dports
22,80,443 is then generated instead of multiple rules.

Revision 2.35 / (download) - [select for diffs], Sun Aug 8 23:34:25 2010 UTC (10 years ago) by nepto

Changes since 2.34: +17 -1 lines
Diff to previous 2.34 (colored)

Custom rules implemented

Revision 2.34 / (download) - [select for diffs], Fri Nov 6 23:14:36 2009 UTC (10 years, 9 months ago) by nepto

Changes since 2.33: +9 -1 lines
Diff to previous 2.33 (colored)

Implemented REAL_DROP_INPUT_TCP/UDP, REAL_REJECT_INPUT_TCP/UDP and
REAL_ACCEPT_INPUT_TCP/UDP configuration options as alternatives
for ALL_*_INPUT_TCP/UDP which work for real interfaces only.

New REAL_*_INPUT_TCP/UDP options work for not-yet-existent interfaces
as well, which could be useful for an IP failover in HA clustering.

Revision 2.33 / (download) - [select for diffs], Wed Mar 4 22:51:42 2009 UTC (11 years, 5 months ago) by nepto

Changes since 2.32: +3 -1 lines
Diff to previous 2.32 (colored)

Implemented IP-ADDRESS:ALL for enabling traffic to ALL ports from
certain IP address

Revision 2.32 / (download) - [select for diffs], Fri Feb 6 23:13:38 2009 UTC (11 years, 6 months ago) by rajo

Changes since 2.31: +3 -2 lines
Diff to previous 2.31 (colored)

NAT: IP alias can be forwarded to machine in local network.

Revision 2.31 / (download) - [select for diffs], Fri Feb 6 00:38:56 2009 UTC (11 years, 6 months ago) by rajo

Changes since 2.30: +3 -1 lines
Diff to previous 2.30 (colored)

IPtables rules can be defined per IP address alias (eth0:0, eth0:1,
...), not per IP of interface (eth0). This enhances rules granularity,
because interface eth0:0 can have different rules than eth0:1.

Revision 2.30 / (download) - [select for diffs], Fri Jan 16 23:33:32 2009 UTC (11 years, 6 months ago) by rajo

Changes since 2.29: +13 -2 lines
Diff to previous 2.29 (colored)

Added note about kernel version >= 2.6.25 and ipt_TOS & xt_DSCP modules.

Revision 2.29 / (download) - [select for diffs], Sun Apr 13 19:27:00 2008 UTC (12 years, 4 months ago) by rajo

Changes since 2.28: +18 -1 lines
Diff to previous 2.28 (colored)

New feature: experimental support for shaping.

Revision 2.28 / (download) - [select for diffs], Sat Feb 2 22:57:54 2008 UTC (12 years, 6 months ago) by rajo

Changes since 2.27: +4 -2 lines
Diff to previous 2.27 (colored)

* Fix: use tcp-reset instead of default icmp-port-unreachable, because
  icmp-port-unreachable is filtered by some firewalls
* --reject-with is configurable by REJECT_WITH variable

Revision 2.27 / (download) - [select for diffs], Wed Jan 16 23:45:08 2008 UTC (12 years, 7 months ago) by rajo

Changes since 2.26: +2 -1 lines
Diff to previous 2.26 (colored)

New feature: block IPs with ONE command on all managed servers (simple
distributed firewalling)

WARNING:
WARNING: USE WITH CARE! You can cut-off your connection!
WARNING:

Usage:

/etc/init.d/firewall deploy-block 1.2.3.4/32

- /etc/default/firewall.d/deploy-servers.list - list of managed servers
- /etc/default/firewall.d/BANNED_IP.conf      - list of blocked IPs and/or networks

Revision 2.26 / (download) - [select for diffs], Wed Dec 12 23:30:09 2007 UTC (12 years, 8 months ago) by rajo

Changes since 2.25: +8 -2 lines
Diff to previous 2.25 (colored)

New feature: added options
  $ALL_REJECT_INPUT_TCP
  $ALL_REJECT_INPUT_UDP
  $eth0_REJECT_INPUT_TCP
  $eth0_REJECT_INPUT_UDP

Revision 2.25 / (download) - [select for diffs], Wed Aug 29 14:43:55 2007 UTC (12 years, 11 months ago) by rajo

Changes since 2.24: +2 -1 lines
Diff to previous 2.24 (colored)

awk ifconfig parser replaced by perl parser: fixed problem with old GNU awk (3.1.4, Debian sarge).

Revision 2.24 / (download) - [select for diffs], Sat Sep 30 21:55:28 2006 UTC (13 years, 10 months ago) by rajo

Changes since 2.23: +2 -2 lines
Diff to previous 2.23 (colored)

New feature: ability to limit connection to ports only from some IPs.

Revision 2.23 / (download) - [select for diffs], Sun Sep 24 16:17:10 2006 UTC (13 years, 10 months ago) by rajo

Changes since 2.22: +4 -0 lines
Diff to previous 2.22 (colored)

New feature: some packets can be dropped and they don't appear in log file.

Revision 2.22 / (download) - [select for diffs], Sun Mar 12 22:23:40 2006 UTC (14 years, 5 months ago) by rajo

Changes since 2.21: +3 -0 lines
Diff to previous 2.21 (colored)

Feature: changed behaviour of $NAT_SET_TTL - you can specify exact value of TTL.

Revision 2.21 / (download) - [select for diffs], Sat Mar 4 02:09:52 2006 UTC (14 years, 5 months ago) by rajo

Changes since 2.20: +4 -0 lines
Diff to previous 2.20 (colored)

New feature: hide NAT clients behind firewall: - set TTL

Revision 2.20 / (download) - [select for diffs], Fri Jan 13 18:32:36 2006 UTC (14 years, 7 months ago) by rajo

Changes since 2.19: +13 -0 lines
Diff to previous 2.19 (colored)

New feature: some bad clients can be redirected from standard service port to closed port or service with another content.

Revision 2.19 / (download) - [select for diffs], Tue Jan 10 01:33:26 2006 UTC (14 years, 7 months ago) by rajo

Changes since 2.18: +1 -0 lines
Diff to previous 2.18 (colored)

Traffic on redirected ports is taken into account for this client.

Revision 2.18 / (download) - [select for diffs], Mon Jan 9 00:52:05 2006 UTC (14 years, 7 months ago) by rajo

Changes since 2.17: +7 -1 lines
Diff to previous 2.17 (colored)

Experimental IP accounting support.

Revision 2.17 / (download) - [select for diffs], Tue Nov 1 00:36:24 2005 UTC (14 years, 9 months ago) by rajo

Changes since 2.16: +1 -2 lines
Diff to previous 2.16 (colored)

Cleanup.

Revision 2.16 / (download) - [select for diffs], Wed Jun 29 15:42:22 2005 UTC (15 years, 1 month ago) by rajo

Changes since 2.15: +2 -2 lines
Diff to previous 2.15 (colored)

Fix: logging should be "on" by default.

Revision 2.15 / (download) - [select for diffs], Wed Jun 29 15:24:04 2005 UTC (15 years, 1 month ago) by rajo

Changes since 2.14: +5 -1 lines
Diff to previous 2.14 (colored)

* Logging via syslog can be turned off (default is on).
* Variable DEFAULT_CONFIG renamed to DEFAULT_FIREWALL_CONFIG.
* Fixed usage() message.

Revision 2.14 / (download) - [select for diffs], Wed Mar 16 13:53:34 2005 UTC (15 years, 5 months ago) by rajo

Changes since 2.13: +8 -1 lines
Diff to previous 2.13 (colored)

* New Feature: ban IP address
  This feature has been developed for the following reason:
  UbiCrawler spams our website with many requests (they are duplicate requests of the same page!)
  And this web robot doesn't accept HTTP META tags (http://www.robotstxt.org/wc/faq.html#extension)
  User Agent: "UbiCrawler/v0.4beta (http://ubi.iit.cnr.it/projects/ubicrawler/)"

Revision 2.13 / (download) - [select for diffs], Tue Mar 1 23:17:11 2005 UTC (15 years, 5 months ago) by rajo

Changes since 2.12: +7 -2 lines
Diff to previous 2.12 (colored)

New feature: port forwarding to local machines

Revision 2.12 / (download) - [select for diffs], Tue Mar 1 21:47:20 2005 UTC (15 years, 5 months ago) by rajo

Changes since 2.11: +6 -1 lines
Diff to previous 2.11 (colored)

Deny NAT for some clients in your LAN.

Revision 2.11 / (download) - [select for diffs], Sun Jan 16 15:27:15 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.10: +4 -1 lines
Diff to previous 2.10 (colored)

Added traceroute support

Revision 2.10 / (download) - [select for diffs], Sun Jan 16 15:23:39 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.9: +10 -2 lines
Diff to previous 2.9 (colored)

Added ICMP description.

Revision 2.9 / (download) - [select for diffs], Sun Jan 16 13:27:54 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.8: +2 -2 lines
Diff to previous 2.8 (colored)

Log limit changed from 12/h to 12/s with limit-burst 24

Revision 2.8 / (download) - [select for diffs], Sun Jan 16 13:14:31 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.7: +2 -2 lines
Diff to previous 2.7 (colored)

Accept also fragmentation-needed ICMP packets

Revision 2.7 / (download) - [select for diffs], Sun Jan 16 12:08:48 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.6: +4 -3 lines
Diff to previous 2.6 (colored)

* DEBUG turned off.
* lo interface added to $IFACE_ACCEPT_ALL

Revision 2.6 / (download) - [select for diffs], Sun Jan 16 11:06:10 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.5: +5 -2 lines
Diff to previous 2.5 (colored)

Added simple DEBUG

Revision 2.5 / (download) - [select for diffs], Sun Jan 16 10:55:39 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.4: +2 -1 lines
Diff to previous 2.4 (colored)

Added $ALL_ACCEPT_INPUT_UDP - accept UDP packets on ports

Revision 2.4 / (download) - [select for diffs], Thu Jan 13 13:31:54 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.3: +2 -2 lines
Diff to previous 2.3 (colored)

* Log level set to 'notice'.
* options '-j LOG --log-prefix' included into variable $LOG_LIMIT

Revision 2.3 / (download) - [select for diffs], Sun Jan 2 13:31:46 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.2: +7 -1 lines
Diff to previous 2.2 (colored)

* Fix: fixed ICMP configuration.
* Allow ICMP packets in FORWARD chains.

Revision 2.2 / (download) - [select for diffs], Sun Jan 2 01:49:01 2005 UTC (15 years, 7 months ago) by rajo

Changes since 2.1: +22 -7 lines
Diff to previous 2.1 (colored)

* NAT support.
* NAT: don't forward Microsoft protocols - NOT RFC compliant packets
* NAT: Configure port forwarding
* Log new connections: useful for securing your NAT network.

Revision 2.1 / (download) - [select for diffs], Sun Dec 12 18:07:11 2004 UTC (15 years, 8 months ago) by rajo

* Fixed antispoof filter.
* Added masquerading support.
* Ability to configure package dropping.

Revision 2.0 / (download) - [select for diffs], Sun Nov 14 15:23:09 2004 UTC (15 years, 9 months ago) by rajo

* Firewall configuration is now in config file.
* Default $INET_IFACE removed - replaced by per-interface configuration
  options.
* Fixed bug with unloading modules.
* allow_icmp() function was not called - fixed.





Platon Group <platon@platon.org> http://platon.org/
Copyright © 2002-2006 Platon Group