old-firewall

5e3c441f25 Not needed anymore master Robert Gerus 2014-09-15 07:18:07 +0200
5bc05d0efd … Robert Gerus 2014-09-15 06:55:47 +0200
ec537f28bd whoopsie… Robert Gerus 2014-09-13 13:49:54 +0200
1a7e0fcf8b amanojaku is 192.168.0.11 on the wan interface. Robert Gerus 2014-09-13 13:23:29 +0200
e9c87481df Amanojaku has lan on, well, lan and not lanbr Robert Gerus 2014-09-13 13:21:48 +0200
8e6a5e6a2a thor ssh Robert Gerus 2014-08-30 15:51:49 +0200
888c2f3090 Forward udp for minecraft query protocol Robert Gerus 2014-08-30 11:44:50 +0200
614f4e4433 network reorganization: #1 - uplink is on wan vlan Robert Gerus 2014-07-27 15:40:59 +0200
5478dd76a2 Port for transmission on amanojaku Robert Gerus 2014-07-13 20:41:23 +0200
d92a102e01 we need ssh, sometimes ;) Robert Gerus 2014-06-21 14:14:44 +0200
bc96cfd10c Creative and snapshot minecraft servers on amanojaku Robert Gerus 2014-06-20 21:22:37 +0200
ad5118bc5e WAN ip changed. Robert Gerus 2014-05-17 00:22:29 +0200
c329730b23 connecting to hackerspace! Robert Gerus 2014-03-05 17:42:58 +0100
78e742011a swapping the NICs Robert Gerus 2014-02-27 21:09:05 +0100
49e1f905a5 port redirect for yolla Robert Gerus 2014-02-06 18:17:53 +0100
4f6eec12ad port redirect for yolla Robert Gerus 2014-02-06 18:14:55 +0100
321e3d4fd8 port redirect for yolla Robert Gerus 2014-02-06 18:14:25 +0100
58895725db port redirect for yolla Robert Gerus 2014-02-06 18:13:18 +0100
4bae2cb246 cleanup and fixup Robert Gerus 2013-11-24 17:19:33 +0100
b8df2c5b47 pht is being a dick... and i made a typo Robert Gerus 2013-10-25 10:05:25 +0200
d47840e06d pht is being a dick... Robert Gerus 2013-10-25 10:00:27 +0200
dec1f86d32 Redirect for http Robert Gerus 2013-07-31 00:35:40 +0200
58ef71e996 ip change Robert Gerus 2013-07-27 21:36:24 +0200
22a6f49781 pht - zmiana publicznego ip wychodzącego do shell.k4be.pl na _WAN2. Robert Gerus 2013-07-09 23:36:34 +0200
a94ab7d8d0 add the 666 port redirect on second ip. Robert Gerus 2013-07-09 00:02:55 +0200
c90ee51978 :666 → 10.24.0.29:22 Robert Gerus 2013-07-08 23:51:01 +0200
4d48646fb7 eth1 -> lanbr Robert "ar" Gerus 2013-05-21 07:49:19 +0200
ffbd1d9f49 back to eth0 Robert "ar" Gerus 2013-05-21 00:33:19 +0200
78b33b8942 one more place Robert "ar" Gerus 2013-05-12 17:34:22 +0200
3c26dc8d41 yup, it is wan0 now, not eth0 Robert "ar" Gerus 2013-05-12 17:29:40 +0200
3bb4b351bb amanojaku is gone Robert "ar" Gerus 2013-05-03 10:01:21 +0200
3d4e192764 forward port 20000 Robert "ar" Gerus 2013-04-16 19:43:31 +0200
9ff1b8120e ssh for q3k Robert "ar" Gerus 2013-04-11 18:53:28 +0200
dde74465ae out Robert "ar" Gerus 2013-04-06 21:29:42 +0200
501f917dde hmm... Robert "ar" Gerus 2013-04-06 21:26:51 +0200
7bdac9348e srsly q3k 2013-04-02 11:43:53 +0200
a7bce36766 I cannot into iptables. q3k 2013-04-02 11:43:29 +0200
e4f106b15a Forward some of my crap. q3k 2013-04-02 11:40:56 +0200
669472f4b3 make mosh work Robert "ar" Gerus 2013-03-25 08:53:51 +0100
fa7d982159 get our snat back Robert "ar" Gerus 2013-03-24 09:45:10 +0100
364e8ccdf7 comment out our snat, and extend the comment for the 192.168.0.1 snat rule Robert "ar" Gerus 2013-03-24 06:56:55 +0100
3491cd19c2 fix connections to modem Robert "ar" Gerus 2013-03-23 12:00:19 +0100
4095ac05a1 my laptop has a different IP now. Robert "ar" Gerus 2013-03-23 11:50:04 +0100
04105bfcd9 typo Robert "ar" Gerus 2013-03-23 07:38:58 +0100
7077a94512 Oh, that would be painful if it hit... Robert "ar" Gerus 2013-03-23 07:37:04 +0100
b1c6f069d9 some debuging Robert "ar" Gerus 2013-03-23 07:36:23 +0100
ea88cd4a1a Try using the other pub-ip Robert "ar" Gerus 2013-03-23 07:34:19 +0100
50376f3bbf ip isn't always in sbin and we do have a sanitized ${PATH} Robert "ar" Gerus 2013-03-23 07:12:27 +0100
9e00c896b7 typo Robert "ar" Gerus 2013-03-23 07:11:09 +0100
0087ca63d3 We may be able to use a second wan IP after all Robert "ar" Gerus 2013-03-23 07:10:14 +0100
e833daec81 small fixes Robert "ar" Gerus 2013-03-23 06:32:56 +0100
05ae772e99 Don't err with no parameters Robert "ar" Gerus 2013-03-23 06:28:37 +0100
b649dec436 policy - ACCEPT Robert "ar" Gerus 2013-03-23 06:26:23 +0100
bc4ce5ccee typo Robert "ar" Gerus 2013-03-12 17:30:38 +0100
6879b88bfd it should work now. Robert "ar" Gerus 2013-03-12 17:28:59 +0100
15156bc1cb fukitol. Robert "ar" Gerus 2013-03-12 16:15:01 +0100
65fa267c2f ehh... Robert "ar" Gerus 2013-03-12 16:13:49 +0100
eee9b8d627 fuckitall Robert "ar" Gerus 2013-03-12 16:12:58 +0100
84cf596dda yeah yeah, -j ACCEPT... Robert "ar" Gerus 2013-03-12 16:04:28 +0100
af7ff9550d swap it. Robert "ar" Gerus 2013-03-12 16:01:51 +0100
99a940c16a forgot about output chain. Robert "ar" Gerus 2013-03-12 15:59:12 +0100
0e79c8cae8 Permit local connections to DNS. Robert "ar" Gerus 2013-03-12 15:57:14 +0100
1186c1e5a1 permit ntp traffic to tempus1.gum.gov.pl and tempus2.gum.gov.pl from firewall Robert "ar" Gerus 2013-03-12 13:51:28 +0100
7c70c33a2a enable outbound http for now again. Robert "ar" Gerus 2013-03-12 13:27:36 +0100
67de643a77 Add bash script headers, to make editors treat rule files as bash scripts for syntax highlighting etc. Robert "ar" Gerus 2013-03-12 10:07:06 +0100
2b43695452 cleanup & fix Robert "ar" Gerus 2013-03-11 22:04:48 +0100
f25b58a981 try this Robert "ar" Gerus 2013-03-11 21:57:45 +0100
e1db34e9d9 try to use multiport match Robert "ar" Gerus 2013-03-11 21:52:34 +0100
0342e5de6b Now it should work Robert "ar" Gerus 2013-03-11 21:49:16 +0100
f1e0978bf7 hmm.. Robert "ar" Gerus 2013-03-11 21:46:08 +0100
9c585fa543 try something else... Robert "ar" Gerus 2013-03-11 21:38:24 +0100
f644fae1b2 Pass the ssh port through Robert "ar" Gerus 2013-03-11 21:34:32 +0100
4dcc88178d Block crap by default Robert "ar" Gerus 2013-03-11 21:32:46 +0100
8e0b26731b No second WAN ip for us... Robert "ar" Gerus 2013-03-11 21:32:27 +0100
3119e275d5 WAN not LAN Robert "ar" Gerus 2013-03-11 21:14:11 +0100
9799bf2786 test Robert "ar" Gerus 2013-03-11 20:10:48 +0100
b9dea0611f hmm... Robert "ar" Gerus 2013-03-11 20:08:37 +0100
713a85ab6e Cleaned up and added rtorrent port forwards. Robert "ar" Gerus 2013-03-11 19:16:08 +0100
5691b6ad5f Don't need it anymore Robert "ar" Gerus 2013-03-11 19:10:00 +0100
3d175eb83e Cleanup. Robert "ar" Gerus 2013-03-11 19:05:06 +0100
56669f4136 Fix and cleanup. Robert "ar" Gerus 2013-03-11 19:01:44 +0100
111a104be8 Fix and cleanup. Robert "ar" Gerus 2013-03-11 19:01:09 +0100
8cefb0e5c5 We *probably* don't need these. Robert "ar" Gerus 2013-03-11 18:53:21 +0100
3a170b22ba OK, we need this one. Robert "ar" Gerus 2013-03-11 18:48:54 +0100
4223d37857 Add a conntrack based INPUT rule and comment-out, for now, other INPUT rules. Robert "ar" Gerus 2013-03-11 18:45:11 +0100
3526f0157d typo Robert "ar" Gerus 2013-03-11 18:41:45 +0100
d5608db696 Temporairly permit outbound HTTP. Robert "ar" Gerus 2013-03-11 18:41:17 +0100
6964eb5087 Permit outbound connections to DNS servers. Robert "ar" Gerus 2013-03-11 18:37:30 +0100
efee8d3df6 A small fix Robert "ar" Gerus 2013-03-11 18:32:23 +0100
b6da2d8eac That's not needed anymore Robert "ar" Gerus 2013-03-11 18:29:42 +0100
8bddec4f78 change policy to DROP Robert "ar" Gerus 2013-03-11 18:24:42 +0100
bb10835825 Add output chain rules for services. Robert "ar" Gerus 2013-03-11 18:22:32 +0100
174ae7e8a0 Load it at the end Robert "ar" Gerus 2013-03-11 18:20:33 +0100
74c5cd0b1b Don't block related or established traffic on WAN Robert "ar" Gerus 2013-03-11 17:29:56 +0100
1d2eeade80 Change the default policy to: reject all incoming traffic from WAN interface, leave LAN interface alone Robert "ar" Gerus 2013-03-11 17:24:59 +0100
33aa41f864 Neuter the default policy ruleset Robert "ar" Gerus 2013-03-11 17:21:43 +0100
f01018683d A small fix. Robert "ar" Gerus 2013-03-11 14:14:11 +0100
d2e9fdbe49 Typo Robert "ar" Gerus 2013-03-11 14:11:12 +0100
5887c025ae Permit outgoing ssh connections to amanojaku Robert "ar" Gerus 2013-03-11 14:10:38 +0100
0f6b9e926e Apparently only DROP and ACCEPT will work. Robert "ar" Gerus 2013-03-11 13:25:00 +0100

Commit Graph Select branches Hide Pull Requests master Mono Color

Commit Graph

Select branches

Hide Pull Requests

master