Robert "ar" Gerus
|
e833daec81
|
small fixes
|
2013-03-23 06:32:56 +01:00 |
Robert "ar" Gerus
|
05ae772e99
|
Don't err with no parameters
|
2013-03-23 06:28:37 +01:00 |
Robert "ar" Gerus
|
b649dec436
|
policy - ACCEPT
|
2013-03-23 06:26:23 +01:00 |
Robert "ar" Gerus
|
bc4ce5ccee
|
typo
|
2013-03-12 17:30:38 +01:00 |
Robert "ar" Gerus
|
6879b88bfd
|
it should work now.
|
2013-03-12 17:28:59 +01:00 |
Robert "ar" Gerus
|
15156bc1cb
|
fukitol.
|
2013-03-12 16:15:01 +01:00 |
Robert "ar" Gerus
|
65fa267c2f
|
ehh...
|
2013-03-12 16:13:49 +01:00 |
Robert "ar" Gerus
|
eee9b8d627
|
fuckitall
|
2013-03-12 16:12:58 +01:00 |
Robert "ar" Gerus
|
84cf596dda
|
yeah yeah, -j ACCEPT...
|
2013-03-12 16:04:28 +01:00 |
Robert "ar" Gerus
|
af7ff9550d
|
swap it.
|
2013-03-12 16:01:51 +01:00 |
Robert "ar" Gerus
|
99a940c16a
|
forgot about output chain.
|
2013-03-12 15:59:12 +01:00 |
Robert "ar" Gerus
|
0e79c8cae8
|
Permit local connections to DNS.
|
2013-03-12 15:57:14 +01:00 |
Robert "ar" Gerus
|
1186c1e5a1
|
permit ntp traffic to tempus1.gum.gov.pl and tempus2.gum.gov.pl from firewall
|
2013-03-12 13:51:28 +01:00 |
Robert "ar" Gerus
|
7c70c33a2a
|
enable outbound http for now again.
|
2013-03-12 13:27:36 +01:00 |
Robert "ar" Gerus
|
67de643a77
|
Add bash script headers, to make editors treat rule files as bash scripts for syntax highlighting etc.
|
2013-03-12 10:07:06 +01:00 |
Robert "ar" Gerus
|
2b43695452
|
cleanup & fix
|
2013-03-11 22:04:48 +01:00 |
Robert "ar" Gerus
|
f25b58a981
|
try this
|
2013-03-11 21:57:45 +01:00 |
Robert "ar" Gerus
|
e1db34e9d9
|
try to use multiport match
|
2013-03-11 21:52:34 +01:00 |
Robert "ar" Gerus
|
0342e5de6b
|
Now it should work
|
2013-03-11 21:49:16 +01:00 |
Robert "ar" Gerus
|
f1e0978bf7
|
hmm..
|
2013-03-11 21:46:08 +01:00 |
Robert "ar" Gerus
|
9c585fa543
|
try something else...
|
2013-03-11 21:38:24 +01:00 |
Robert "ar" Gerus
|
f644fae1b2
|
Pass the ssh port through
|
2013-03-11 21:34:32 +01:00 |
Robert "ar" Gerus
|
4dcc88178d
|
Block crap by default
|
2013-03-11 21:32:46 +01:00 |
Robert "ar" Gerus
|
8e0b26731b
|
No second WAN ip for us...
|
2013-03-11 21:32:27 +01:00 |
Robert "ar" Gerus
|
3119e275d5
|
WAN not LAN
|
2013-03-11 21:14:11 +01:00 |
Robert "ar" Gerus
|
9799bf2786
|
test
|
2013-03-11 20:10:48 +01:00 |
Robert "ar" Gerus
|
b9dea0611f
|
hmm...
|
2013-03-11 20:08:37 +01:00 |
Robert "ar" Gerus
|
713a85ab6e
|
Cleaned up and added rtorrent port forwards.
|
2013-03-11 19:16:08 +01:00 |
Robert "ar" Gerus
|
5691b6ad5f
|
Don't need it anymore
|
2013-03-11 19:10:00 +01:00 |
Robert "ar" Gerus
|
3d175eb83e
|
Cleanup.
|
2013-03-11 19:05:06 +01:00 |
Robert "ar" Gerus
|
56669f4136
|
Fix and cleanup.
|
2013-03-11 19:01:44 +01:00 |
Robert "ar" Gerus
|
111a104be8
|
Fix and cleanup.
|
2013-03-11 19:01:09 +01:00 |
Robert "ar" Gerus
|
8cefb0e5c5
|
We *probably* don't need these.
|
2013-03-11 18:53:21 +01:00 |
Robert "ar" Gerus
|
3a170b22ba
|
OK, we need this one.
|
2013-03-11 18:48:54 +01:00 |
Robert "ar" Gerus
|
4223d37857
|
Add a conntrack based INPUT rule and comment-out, for now, other INPUT rules.
|
2013-03-11 18:45:11 +01:00 |
Robert "ar" Gerus
|
3526f0157d
|
typo
|
2013-03-11 18:41:45 +01:00 |
Robert "ar" Gerus
|
d5608db696
|
Temporarily permit outbound HTTP.
|
2013-03-11 18:41:17 +01:00 |
Robert "ar" Gerus
|
6964eb5087
|
Permit outbound connections to DNS servers.
|
2013-03-11 18:37:30 +01:00 |
Robert "ar" Gerus
|
efee8d3df6
|
A small fix
|
2013-03-11 18:32:23 +01:00 |
Robert "ar" Gerus
|
b6da2d8eac
|
That's not needed anymore
|
2013-03-11 18:29:42 +01:00 |
Robert "ar" Gerus
|
8bddec4f78
|
change policy to DROP
|
2013-03-11 18:24:42 +01:00 |
Robert "ar" Gerus
|
bb10835825
|
Add output chain rules for services.
|
2013-03-11 18:22:32 +01:00 |
Robert "ar" Gerus
|
174ae7e8a0
|
Load it at the end
|
2013-03-11 18:20:33 +01:00 |
Robert "ar" Gerus
|
74c5cd0b1b
|
Don't block related or established traffic on WAN
|
2013-03-11 17:29:56 +01:00 |
Robert "ar" Gerus
|
1d2eeade80
|
Change the default policy to: reject all incoming traffic from WAN interface, leave LAN interface alone
|
2013-03-11 17:24:59 +01:00 |
Robert "ar" Gerus
|
33aa41f864
|
Neuter the default policy ruleset
|
2013-03-11 17:21:43 +01:00 |
Robert "ar" Gerus
|
f01018683d
|
A small fix.
|
2013-03-11 14:14:11 +01:00 |
Robert "ar" Gerus
|
d2e9fdbe49
|
Typo
|
2013-03-11 14:11:12 +01:00 |
Robert "ar" Gerus
|
5887c025ae
|
Permit outgoing ssh connections to amanojaku
|
2013-03-11 14:10:38 +01:00 |
Robert "ar" Gerus
|
0f6b9e926e
|
Apparently only DROP and ACCEPT will work.
|
2013-03-11 13:25:00 +01:00 |