Skip to content

TurboLabIt/zzfirewall

Repository files navigation

🔥🧱 zzfirewall 🧱🔥

iptables rules to stop undesired connections.

Install

Just execute:

sudo apt install curl -y && \
  curl -s https://raw.githubusercontent.com/TurboLabIt/zzfirewall/master/setup.sh | sudo bash

Now copy the provided sample configuration file (zzfirewall.default.conf) to your own zzfirewall.conf and set your preference:

sudo cp /usr/local/turbolab.it/zzfirewall/zzfirewall.default.conf /etc/turbolab.it/zzfirewall.conf && \
  sudo nano /etc/turbolab.it/zzfirewall.conf

Shields Up!

sudo zzfirewall

Restrict SSH access

If you want to limit SSH access to pre-approved hosts, create a file and add your IPs/DDNS (one per line):

sudo nano /etc/turbolab.it/zzfirewall-whitelist.conf && \
  sudo zzfirewall-whitelist-update

Geo-allow web access

To allow HTTP(S) traffic from specific countries only, do this:

## Allow web traffic from specific countries only
ALLOW_WEBSERVER=0
GEOALLOW_WEB_COUNTRIES=italy,switzerland

How to Cloudflare

Just set:

## Allow web traffic from Cloudflare only
ALLOW_WEBSERVER=0

All web traffic will be accepted through Cloudflare only.

On-the-fly IP whitelist

sudo iptables -I "INPUT" -s "TRUSTED_IP_ADDRESS" -j ACCEPT

Database-only, LAN-only server

## Database-only, LAN-only server
ALLOW_WEBSERVER=0
ALLOW_WEBSERVER_FROM_WHITELIST=0
ALLOW_FTP=0
GEOBLOCK=0

Emergency firewall reset

sudo zzfirewall-reset

It wipes every iptables rule and every ipset on the box. If Docker is installed and running, it gets restarted automatically so it can rebuild its own iptables rules.


For the maintainers: update the lists

sudo zzfirewall-generate

About

iptables rules to shut off undesired connection and clients from certain geos

Topics

Resources

Stars

0 stars

Watchers

2 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors