https://github.com/akotov-dev/bastion
Bastion - gateway and site filter for the office network (Mageia-8-x86_64)
filtering gateway iptables squid
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/akotov-dev/bastion
- Owner: AKotov-dev
- License: gpl-3.0
- Created: 2021-10-12T15:10:24.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2021-10-27T13:00:11.000Z (over 4 years ago)
- Last Synced: 2025-04-13T20:03:10.436Z (about 1 year ago)
- Topics: filtering, gateway, iptables, squid
- Language: Pascal
- Homepage:
- Size: 72.6 MB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
Bastion - gateway and site filter for the office network
--
Dependencies: `iptables squid ipset bind-utils apache squidanalyzer polkit sakura openssh-server dnsmasq samba net-tools`
Three-level filtering HTTP/HTTPS:
+ Squid + Black/White lists of domains + VIP-users
+ IPTables + IPSet (blocking host=multiple IP) + dictionary filtering
+ SquidAnalyzer - internet connection log analyzer
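
The `IPTables + IPSet (blocking host=multiple IP)` level means one blocked domain has to cover every address it resolves to. A sketch of that step, added here as an illustration and not taken from Bastion's own scripts; the set name `blacklist`, the function names and the resolver output are assumptions, and the sample is constructed so the block runs offline:

```shell
#!/bin/sh
# Added illustration, not Bastion's own script.
# Converts `host -t A <domain>` output (bind-utils) into an `ipset restore`
# batch, so a single blocked domain covers all of its IPv4 addresses.

SET_NAME="blacklist"   # hypothetical set name

# Read `host` output on stdin, print an ipset restore batch on stdout.
# Only well-formed IPv4 addresses are accepted; duplicates are dropped.
hosts_to_ipset() {
    printf 'create %s hash:ip family inet\n' "$SET_NAME"
    awk -v set="$SET_NAME" '
        / has address / {
            ip = $NF
            if (split(ip, o, ".") != 4) next
            ok = 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok && !seen[ip]++) printf "add %s %s\n", set, ip
        }'
}

# Constructed resolver output (documentation address ranges), including a
# duplicate, an IPv6 record, an MX record and a malformed address.
sample_host_output() {
    cat <<'EOF'
blocked.example has address 192.0.2.10
blocked.example has address 192.0.2.11
blocked.example has address 198.51.100.7
blocked.example has address 192.0.2.10
blocked.example has IPv6 address 2001:db8::1
blocked.example mail is handled by 10 mx.blocked.example.
other.example has address 999.1.1.1
EOF
}

# On a gateway (root required) the batch would be loaded and matched with:
#   host -t A blocked.example | hosts_to_ipset | ipset -exist restore
#   iptables -I FORWARD -m set --match-set blacklist dst -j DROP
sample_host_output | hosts_to_ipset
```

Resolved addresses change over time, so a set built this way has to be refreshed periodically to stay in step with DNS.
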
Physically it consists of two parts:
+ GUI (rpm-package, pulls up all the necessary dependencies)
+ Archive of configuration files (.tar.gz, unpacked manually: `etc->etc`)
Configure the `WAN/LAN` interfaces on the computer acting as the gateway and run `Bastion`. Specify the interface names and the local network, then click the `New Certificate` button. After the certificate is created, install it in the client browsers. To apply the blocking rules from the lists immediately, or on first start, click the `Restart` button. Remote access to the server is via `SSH:22` (Internet/LAN). Port 22 is protected from brute force: three failed passwords result in a 60-second block.
Note:
+ Bastion can be configured/run without GUI (scripts only)
+ Bastion has built-in DNS/DHCP (dnsmasq); address pool `x.x.x.50-x.x.x.250`
+ When `samba` is enabled, a shared folder `/usr/local/Common` is created with a `.recycle` bin, which is cleaned every month. The `\\LAN-IP\Common` folder can be connected as a shared disk
