RCS file: /etc/firewall/RCS/firewall,v Working file: /etc/firewall/firewall head: 1.11 branch: locks: strict access list: symbolic names: keyword substitution: kv total revisions: 11; selected revisions: 11 description: firewall - main script for CAcert hopper firewall ---------------------------- revision 1.11 date: 2016/08/13 09:47:12; author: root; state: Exp; lines: +5 -1 Allow nsd control on loopback interface. ---------------------------- revision 1.10 date: 2014/01/27 15:41:38; author: root; state: Exp; lines: +62 -18 Expand script to deal with IPv6. ---------------------------- revision 1.9 date: 2011/08/03 13:46:30; author: root; state: Exp; lines: +1 -3 Remove references to obsoleted IP address 172.16.2.102. ---------------------------- revision 1.8 date: 2011/08/01 15:22:32; author: root; state: Exp; lines: +3 -1 Allow dns (server) on the 172.16.3.102 address; this will replace the 172.16.2.102 address in the near future. ---------------------------- revision 1.7 date: 2010/06/24 13:57:32; author: root; state: Exp; lines: +4 -6 Widen up firewall to allow DNS queries and notifies to be sent anywhere in the world (note that the Tunix firewall has also been adjusted to allow this). ---------------------------- revision 1.6 date: 2010/06/22 16:00:00; author: root; state: Exp; lines: +8 -1 Add rules to allow incoming ICMP Echo and ICMP Time Exceeded. Add rule to log incoming traffic which is dropped. ---------------------------- revision 1.5 date: 2010/06/21 08:56:57; author: root; state: Exp; lines: +3 -1 Allow dns (server) on the 172.16.2.102 address. ---------------------------- revision 1.4 date: 2010/06/05 08:46:53; author: root; state: Exp; lines: +9 -2 Add rules to allow dns server to function, including possibility for checking it from the machine itself. ---------------------------- revision 1.3 date: 2010/06/04 10:58:32; author: root; state: Exp; lines: +7 -5 Add rules to allow logging to log server and dns to resolver on firewall. Drop special lines after "# this is the log server ...", since we are not. ---------------------------- revision 1.2 date: 2009/06/10 10:06:14; author: root; state: Exp; lines: +5 -1 *** empty log message *** ---------------------------- revision 1.1 date: 2009/06/08 13:05:10; author: root; state: Exp; Initial revision =============================================================================