a7bce36766 I cannot into iptables.
q3k
2013-04-02 11:43:29 +0200
e4f106b15a Forward some of my crap.
q3k
2013-04-02 11:40:56 +0200
669472f4b3 make mosh work
Robert "ar" Gerus
2013-03-25 08:53:51 +0100
fa7d982159 get our snat back
Robert "ar" Gerus
2013-03-24 09:45:10 +0100
364e8ccdf7 comment out our snat, and extend the comment for the 192.168.0.1 snat rule
Robert "ar" Gerus
2013-03-24 06:56:55 +0100
3491cd19c2 fix connections to modem
Robert "ar" Gerus
2013-03-23 12:00:19 +0100
4095ac05a1 my laptop has a different IP now.
Robert "ar" Gerus
2013-03-23 11:50:04 +0100
04105bfcd9 typo
Robert "ar" Gerus
2013-03-23 07:38:58 +0100
7077a94512 Oh, that would be painful if it hit...
Robert "ar" Gerus
2013-03-23 07:37:04 +0100
b1c6f069d9 some debugging
Robert "ar" Gerus
2013-03-23 07:36:23 +0100
ea88cd4a1a Try using the other pub-ip
Robert "ar" Gerus
2013-03-23 07:34:19 +0100
50376f3bbf ip isn't always in sbin and we do have a sanitized ${PATH}
Robert "ar" Gerus
2013-03-23 07:12:27 +0100
9e00c896b7 typo
Robert "ar" Gerus
2013-03-23 07:11:09 +0100
0087ca63d3 We may be able to use a second wan IP after all
Robert "ar" Gerus
2013-03-23 07:10:14 +0100
e833daec81 small fixes
Robert "ar" Gerus
2013-03-23 06:32:56 +0100
05ae772e99 Don't err with no parameters
Robert "ar" Gerus
2013-03-23 06:28:37 +0100
b649dec436 policy - ACCEPT
Robert "ar" Gerus
2013-03-23 06:26:23 +0100
bc4ce5ccee typo
Robert "ar" Gerus
2013-03-12 17:30:38 +0100
6879b88bfd it should work now.
Robert "ar" Gerus
2013-03-12 17:28:59 +0100
15156bc1cb fukitol.
Robert "ar" Gerus
2013-03-12 16:15:01 +0100
65fa267c2f ehh...
Robert "ar" Gerus
2013-03-12 16:13:49 +0100
eee9b8d627 fuckitall
Robert "ar" Gerus
2013-03-12 16:12:58 +0100
84cf596dda yeah yeah, -j ACCEPT...
Robert "ar" Gerus
2013-03-12 16:04:28 +0100
af7ff9550d swap it.
Robert "ar" Gerus
2013-03-12 16:01:51 +0100
99a940c16a forgot about output chain.
Robert "ar" Gerus
2013-03-12 15:59:12 +0100
0e79c8cae8 Permit local connections to DNS.
Robert "ar" Gerus
2013-03-12 15:57:14 +0100
1186c1e5a1 permit ntp traffic to tempus1.gum.gov.pl and tempus2.gum.gov.pl from firewall
Robert "ar" Gerus
2013-03-12 13:51:28 +0100
7c70c33a2a enable outbound http for now again.
Robert "ar" Gerus
2013-03-12 13:27:36 +0100
67de643a77 Add bash script headers, to make editors treat rule files as bash scripts for syntax highlighting etc.
Robert "ar" Gerus
2013-03-12 10:07:06 +0100
2b43695452 cleanup & fix
Robert "ar" Gerus
2013-03-11 22:04:48 +0100
f25b58a981 try this
Robert "ar" Gerus
2013-03-11 21:57:45 +0100
e1db34e9d9 try to use multiport match
Robert "ar" Gerus
2013-03-11 21:52:34 +0100
0342e5de6b Now it should work
Robert "ar" Gerus
2013-03-11 21:49:16 +0100
f1e0978bf7 hmm..
Robert "ar" Gerus
2013-03-11 21:46:08 +0100
9c585fa543 try something else...
Robert "ar" Gerus
2013-03-11 21:38:24 +0100
f644fae1b2 Pass the ssh port through
Robert "ar" Gerus
2013-03-11 21:34:32 +0100
4dcc88178d Block crap by default
Robert "ar" Gerus
2013-03-11 21:32:46 +0100
8e0b26731b No second WAN ip for us...
Robert "ar" Gerus
2013-03-11 21:32:27 +0100
3119e275d5 WAN not LAN
Robert "ar" Gerus
2013-03-11 21:14:11 +0100
9799bf2786 test
Robert "ar" Gerus
2013-03-11 20:10:48 +0100
b9dea0611f hmm...
Robert "ar" Gerus
2013-03-11 20:08:37 +0100
713a85ab6e Cleaned up and added rtorrent port forwards.
Robert "ar" Gerus
2013-03-11 19:16:08 +0100
5691b6ad5f Don't need it anymore
Robert "ar" Gerus
2013-03-11 19:10:00 +0100
3d175eb83e Cleanup.
Robert "ar" Gerus
2013-03-11 19:05:06 +0100
56669f4136 Fix and cleanup.
Robert "ar" Gerus
2013-03-11 19:01:44 +0100
111a104be8 Fix and cleanup.
Robert "ar" Gerus
2013-03-11 19:01:09 +0100
8cefb0e5c5 We *probably* don't need these.
Robert "ar" Gerus
2013-03-11 18:53:21 +0100
3a170b22ba OK, we need this one.
Robert "ar" Gerus
2013-03-11 18:48:54 +0100
4223d37857 Add a conntrack based INPUT rule and comment-out, for now, other INPUT rules.
Robert "ar" Gerus
2013-03-11 18:45:11 +0100
3526f0157d typo
Robert "ar" Gerus
2013-03-11 18:41:45 +0100
d5608db696 Temporarily permit outbound HTTP.
Robert "ar" Gerus
2013-03-11 18:41:17 +0100
6964eb5087 Permit outbound connections to DNS servers.
Robert "ar" Gerus
2013-03-11 18:37:30 +0100
efee8d3df6 A small fix
Robert "ar" Gerus
2013-03-11 18:32:23 +0100
b6da2d8eac That's not needed anymore
Robert "ar" Gerus
2013-03-11 18:29:42 +0100
8bddec4f78 change policy to DROP
Robert "ar" Gerus
2013-03-11 18:24:42 +0100
bb10835825 Add output chain rules for services.
Robert "ar" Gerus
2013-03-11 18:22:32 +0100
174ae7e8a0 Load it at the end
Robert "ar" Gerus
2013-03-11 18:20:33 +0100
74c5cd0b1b Don't block related or established traffic on WAN
Robert "ar" Gerus
2013-03-11 17:29:56 +0100
1d2eeade80 Change the default policy to: reject all incoming traffic from WAN interface, leave LAN interface alone
Robert "ar" Gerus
2013-03-11 17:24:59 +0100
33aa41f864 Neuter the default policy ruleset
Robert "ar" Gerus
2013-03-11 17:21:43 +0100
f01018683d A small fix.
Robert "ar" Gerus
2013-03-11 14:14:11 +0100
d2e9fdbe49 Typo
Robert "ar" Gerus
2013-03-11 14:11:12 +0100
5887c025ae Permit outgoing ssh connections to amanojaku
Robert "ar" Gerus
2013-03-11 14:10:38 +0100
0f6b9e926e Apparently only DROP and ACCEPT will work.
Robert "ar" Gerus
2013-03-11 13:25:00 +0100