unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Packaging ufw
@ 2018-11-10 16:01 swedebugia
  2018-11-10 18:19 ` swedebugia
  0 siblings, 1 reply; 7+ messages in thread
From: swedebugia @ 2018-11-10 16:01 UTC (permalink / raw)
  To: guix-devel

Hi

I like this firewall, has anybody started packaging it?

If not I'm going to try.

-- 
Cheers
Swedebugia

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: Packaging ufw
@ 2018-11-11  1:30 Jeremiah
  0 siblings, 0 replies; 7+ messages in thread
From: Jeremiah @ 2018-11-11  1:30 UTC (permalink / raw)
  To: guix-devel

> I like this firewall, has anybody started packaging it?
No, possibly because it doesn't add much when one has iptables and a
guix configuration script for it.

> We have no other firewall packages judging from my emacs-guix regex
> search.
We have iptables and ebtables
and I suggest you consider the following iptables/ip6tables rules:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

You could easily lock it down further but one piece of software needed
on servers missing on guix is port knocking software.

-Jeremiah

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2018-11-11  1:30 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-10 16:01 Packaging ufw swedebugia
2018-11-10 18:19 ` swedebugia
2018-11-10 18:24   ` Brett Gilio
2018-11-10 20:42     ` swedebugia
2018-11-10 21:25       ` Danny Milosavljevic
2018-11-10 18:30   ` Pierre Neidhardt
  -- strict thread matches above, loose matches on Subject: below --
2018-11-11  1:30 Jeremiah

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).