CVS log for scripts/shell/firewall/default-firewall.conf
Default branch: MAIN
Revision 2.37 / (download) - [select for diffs], Thu May 5 21:07:54 2016 UTC (7 years, 10 months ago) by rajo
Changes since 2.36: +4 -1 lines Diff to previous 2.36 (unified)
map_subnet replaced by load_subnet
Revision 2.36 / (download) - [select for diffs], Fri Nov 18 23:26:18 2011 UTC (12 years, 4 months ago) by rajo
Changes since 2.35: +5 -3 lines Diff to previous 2.35 (unified)
Optimization: ports can be separated by comma: single rule with -m multiport --dports
22,80,443 is then generated instead of multiple rules.
Revision 2.35 / (download) - [select for diffs], Sun Aug 8 23:34:25 2010 UTC (13 years, 7 months ago) by nepto
Changes since 2.34: +17 -1 lines Diff to previous 2.34 (unified)
Custom rules implemented
Revision 2.34 / (download) - [select for diffs], Fri Nov 6 23:14:36 2009 UTC (14 years, 4 months ago) by nepto
Changes since 2.33: +9 -1 lines Diff to previous 2.33 (unified)
Implemented REAL_DROP_INPUT_TCP/UDP, REAL_REJECT_INPUT_TCP/UDP and
REAL_ACCEPT_INPUT_TCP/UDP configuration options as alternatives
for ALL_*_INPUT_TCP/UDP which work for real interfaces only.
New REAL_*_INPUT_TCP/UDP options work for not yet existing interfaces
as well, which could be useful for an IP failover in HA clustering.
Revision 2.33 / (download) - [select for diffs], Wed Mar 4 22:51:42 2009 UTC (15 years ago) by nepto
Changes since 2.32: +3 -1 lines Diff to previous 2.32 (unified)
Implemented IP-ADDRESS:ALL for enabling traffic to ALL ports from
a certain IP address
Revision 2.32 / (download) - [select for diffs], Fri Feb 6 23:13:38 2009 UTC (15 years, 1 month ago) by rajo
Changes since 2.31: +3 -2 lines Diff to previous 2.31 (unified)
NAT: IP alias can be forwarded to machine in local network.
Revision 2.31 / (download) - [select for diffs], Fri Feb 6 00:38:56 2009 UTC (15 years, 1 month ago) by rajo
Changes since 2.30: +3 -1 lines Diff to previous 2.30 (unified)
IPtables rules can be defined per IP address alias (eth0:0, eth0:1,
...), not per IP of interface (eth0). This enhances rules granularity,
because interface eth0:0 can have different rules than eth0:1.
Revision 2.30 / (download) - [select for diffs], Fri Jan 16 23:33:32 2009 UTC (15 years, 2 months ago) by rajo
Changes since 2.29: +13 -2 lines Diff to previous 2.29 (unified)
Added note about kernel version >= 2.6.25 and ipt_TOS & xt_DSCP modules.
Revision 2.29 / (download) - [select for diffs], Sun Apr 13 19:27:00 2008 UTC (15 years, 11 months ago) by rajo
Changes since 2.28: +18 -1 lines Diff to previous 2.28 (unified)
New feature: experimental support for shaping.
Revision 2.28 / (download) - [select for diffs], Sat Feb 2 22:57:54 2008 UTC (16 years, 1 month ago) by rajo
Changes since 2.27: +4 -2 lines Diff to previous 2.27 (unified)
* Fix: use tcp-reset instead of default icmp-port-unreachable, because
icmp-port-unreachable is filtered by some firewalls
* --reject-with is configurable by REJECT_WITH variable
Revision 2.27 / (download) - [select for diffs], Wed Jan 16 23:45:08 2008 UTC (16 years, 2 months ago) by rajo
Changes since 2.26: +2 -1 lines Diff to previous 2.26 (unified)
New feature: block IPs with ONE command on all managed servers (simple
distributed firewalling)
WARNING:
WARNING: USE WITH CARE! You can cut-off your connection!
WARNING:
Usage:
/etc/init.d/firewall deploy-block 1.2.3.4/32
- /etc/default/firewall.d/deploy-servers.list - list of managed servers
- /etc/default/firewall.d/BANNED_IP.conf - list of blocked IPs and/or networks
Revision 2.26 / (download) - [select for diffs], Wed Dec 12 23:30:09 2007 UTC (16 years, 3 months ago) by rajo
Changes since 2.25: +8 -2 lines Diff to previous 2.25 (unified)
New feature: added options
$ALL_REJECT_INPUT_TCP
$ALL_REJECT_INPUT_UDP
$eth0_REJECT_INPUT_TCP
$eth0_REJECT_INPUT_UDP
Revision 2.25 / (download) - [select for diffs], Wed Aug 29 14:43:55 2007 UTC (16 years, 7 months ago) by rajo
Changes since 2.24: +2 -1 lines Diff to previous 2.24 (unified)
awk ifconfig parser replaced by perl parser: fixed problem with old GNU awk (3.1.4, Debian sarge).
Revision 2.24 / (download) - [select for diffs], Sat Sep 30 21:55:28 2006 UTC (17 years, 6 months ago) by rajo
Changes since 2.23: +2 -2 lines Diff to previous 2.23 (unified)
New feature: ability to limit connection to ports only from some IPs.
Revision 2.23 / (download) - [select for diffs], Sun Sep 24 16:17:10 2006 UTC (17 years, 6 months ago) by rajo
Changes since 2.22: +4 -0 lines Diff to previous 2.22 (unified)
New feature: some packets can be dropped and they don't appear in log file.
Revision 2.22 / (download) - [select for diffs], Sun Mar 12 22:23:40 2006 UTC (18 years ago) by rajo
Changes since 2.21: +3 -0 lines Diff to previous 2.21 (unified)
Feature: changed behaviour of $NAT_SET_TTL - you can specify exact value of TTL.
Revision 2.21 / (download) - [select for diffs], Sat Mar 4 02:09:52 2006 UTC (18 years ago) by rajo
Changes since 2.20: +4 -0 lines Diff to previous 2.20 (unified)
New feature: hide NAT clients behind firewall: - set TTL
Revision 2.20 / (download) - [select for diffs], Fri Jan 13 18:32:36 2006 UTC (18 years, 2 months ago) by rajo
Changes since 2.19: +13 -0 lines Diff to previous 2.19 (unified)
New feature: some bad clients can be redirected from standard service port to closed port or service with another content.
Revision 2.19 / (download) - [select for diffs], Tue Jan 10 01:33:26 2006 UTC (18 years, 2 months ago) by rajo
Changes since 2.18: +1 -0 lines Diff to previous 2.18 (unified)
Traffic on redirected ports is taken into account for this client.
Revision 2.18 / (download) - [select for diffs], Mon Jan 9 00:52:05 2006 UTC (18 years, 2 months ago) by rajo
Changes since 2.17: +7 -1 lines Diff to previous 2.17 (unified)
Experimental IP accounting support.
Revision 2.17 / (download) - [select for diffs], Tue Nov 1 00:36:24 2005 UTC (18 years, 5 months ago) by rajo
Changes since 2.16: +1 -2 lines Diff to previous 2.16 (unified)
Cleanup.
Revision 2.16 / (download) - [select for diffs], Wed Jun 29 15:42:22 2005 UTC (18 years, 9 months ago) by rajo
Changes since 2.15: +2 -2 lines Diff to previous 2.15 (unified)
Fix: logging should be "on" by default.
Revision 2.15 / (download) - [select for diffs], Wed Jun 29 15:24:04 2005 UTC (18 years, 9 months ago) by rajo
Changes since 2.14: +5 -1 lines Diff to previous 2.14 (unified)
* Logging via syslog can be turned off (default is on).
* Variable DEFAULT_CONFIG renamed to DEFAULT_FIREWALL_CONFIG.
* Fixed usage() message.
Revision 2.14 / (download) - [select for diffs], Wed Mar 16 13:53:34 2005 UTC (19 years ago) by rajo
Changes since 2.13: +8 -1 lines Diff to previous 2.13 (unified)
* New Feature: ban IP address
This feature has been developed for the following reason:
UbiCrawler spams our website with many requests (they are duplicate requests of the same page!)
And this web robot doesn't accept HTTP META tags (http://www.robotstxt.org/wc/faq.html#extension)
User Agent: "UbiCrawler/v0.4beta (http://ubi.iit.cnr.it/projects/ubicrawler/)"
Revision 2.13 / (download) - [select for diffs], Tue Mar 1 23:17:11 2005 UTC (19 years, 1 month ago) by rajo
Changes since 2.12: +7 -2 lines Diff to previous 2.12 (unified)
New feature: port forwarding to local machines
Revision 2.12 / (download) - [select for diffs], Tue Mar 1 21:47:20 2005 UTC (19 years, 1 month ago) by rajo
Changes since 2.11: +6 -1 lines Diff to previous 2.11 (unified)
Deny NAT for some clients in your LAN.
Revision 2.11 / (download) - [select for diffs], Sun Jan 16 15:27:15 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.10: +4 -1 lines Diff to previous 2.10 (unified)
Added traceroute support
Revision 2.10 / (download) - [select for diffs], Sun Jan 16 15:23:39 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.9: +10 -2 lines Diff to previous 2.9 (unified)
Added ICMP description.
Revision 2.9 / (download) - [select for diffs], Sun Jan 16 13:27:54 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.8: +2 -2 lines Diff to previous 2.8 (unified)
Log limit changed from 12/h to 12/s with limit-burst 24
Revision 2.8 / (download) - [select for diffs], Sun Jan 16 13:14:31 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.7: +2 -2 lines Diff to previous 2.7 (unified)
Accept also fragmentation-needed ICMP packets
Revision 2.7 / (download) - [select for diffs], Sun Jan 16 12:08:48 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.6: +4 -3 lines Diff to previous 2.6 (unified)
* DEBUG turned off.
* lo interface added to $IFACE_ACCEPT_ALL
Revision 2.6 / (download) - [select for diffs], Sun Jan 16 11:06:10 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.5: +5 -2 lines Diff to previous 2.5 (unified)
Added simple DEBUG
Revision 2.5 / (download) - [select for diffs], Sun Jan 16 10:55:39 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.4: +2 -1 lines Diff to previous 2.4 (unified)
Added $ALL_ACCEPT_INPUT_UDP - accept UDP packets on ports
Revision 2.4 / (download) - [select for diffs], Thu Jan 13 13:31:54 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.3: +2 -2 lines Diff to previous 2.3 (unified)
* Log level set to 'notice'.
* options '-j LOG --log-prefix' included into variable $LOG_LIMIT
Revision 2.3 / (download) - [select for diffs], Sun Jan 2 13:31:46 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.2: +7 -1 lines Diff to previous 2.2 (unified)
* Fix: fixed ICMP configuration.
* Allow ICMP packets in FORWARD chains.
Revision 2.2 / (download) - [select for diffs], Sun Jan 2 01:49:01 2005 UTC (19 years, 2 months ago) by rajo
Changes since 2.1: +22 -7 lines Diff to previous 2.1 (unified)
* NAT support.
* NAT: don't forward Microsoft protocols - NOT RFC compliant packets
* NAT: Configure port forwarding
* Log new connections: useful for securing your NAT network.
Revision 2.1 / (download) - [select for diffs], Sun Dec 12 18:07:11 2004 UTC (19 years, 3 months ago) by rajo
* Fixed antispoof filter.
* Added masquerading support.
* Ability to configure package dropping.
Revision 2.0 / (download) - [select for diffs], Sun Nov 14 15:23:09 2004 UTC (19 years, 4 months ago) by rajo
* Firewall configuration is now in config file.
* Default $INET_IFACE removed - replaced by per-interface configuration
options.
* Fixed bug with unloading modules.
* allow_icmp() function was not called - fixed.
Platon Group <platon@platon.org> http://platon.org/