thomas
/
sovereign
關註 1
收藏 0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
暫無描述
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
99 Commit
1 分支
目錄樹: b48b66d029
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'b48b66d029'
${ noResults }
sovereign/roles/common/files/etc_ferm_ferm.conf

etc_ferm_ferm.conf 894B
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536 
  1. # Firewall configuration for a web and SMTP server.

  2. # See http://ferm.foo-projects.org/

  3. 

  4. table filter {

  5.     chain INPUT {

  6.         policy DROP;

  7. 

  8.         # connection tracking

  9.         mod state state INVALID DROP;

  10.         mod state state (ESTABLISHED RELATED) ACCEPT;

  11. 

  12.         # allow local connections

  13.         interface lo ACCEPT;

  14. 

  15.         # respond to ping

  16.         proto icmp icmp-type echo-request ACCEPT;

  17. 

  18.         # expose our services to the world:

  19.         # dns, web, ssh, imap + ssl, smtp + ssl, znc

  20.         proto tcp dport (25 53 http https ssh 993 465 6697) ACCEPT;

  21. 

  22.         # openvpn

  23.         proto udp dport 1194 ACCEPT;

  24. 

  25.         # mosh port range

  26.         proto udp dport 60000:61000 ACCEPT;

  27. 

  28.         # the rest is dropped by the above policy

  29.     }

  30. 

  31.     # outgoing connections are not limited

  32.     chain OUTPUT policy ACCEPT;

  33. 

  34.     # this is not a router

  35.     chain FORWARD policy DROP;

  36. }