Diffstat (limited to 'templates')
-rw-r--r-- | templates/ferm.conf.epp | 16 | ||||
-rw-r--r-- | templates/ferm_chain_header.conf.epp | 8 | ||||
-rw-r--r-- | templates/ferm_header.conf.epp | 8 |
3 files changed, 32 insertions, 0 deletions
diff --git a/templates/ferm.conf.epp b/templates/ferm.conf.epp
new file mode 100644
index 0000000..42a44be
--- /dev/null
+++ b/templates/ferm.conf.epp
@@ -0,0 +1,16 @@
+# End custom section
+
+domain (ip ip6) table filter {
+ chain INPUT {
+ interface lo ACCEPT;
+ @include '/etc/ferm.d/chains/INPUT.conf';
+ }
+
+ chain OUTPUT {
+ @include '/etc/ferm.d/chains/OUTPUT.conf';
+ }
+
+ chain FORWARD {
+ @include '/etc/ferm.d/chains/FORWARD.conf';
+ }
+}
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp
new file mode 100644
index 0000000..b8c444c
--- /dev/null
+++ b/templates/ferm_chain_header.conf.epp
@@ -0,0 +1,8 @@
+<%- | Ferm::Policies $policy,
+| -%>
+# Default policy for this chain
+policy <%= $policy %>;
+
+# connection tracking
+mod state state INVALID DROP;
+mod state state (ESTABLISHED RELATED) ACCEPT;
diff --git a/templates/ferm_header.conf.epp b/templates/ferm_header.conf.epp
new file mode 100644
index 0000000..66922d7
--- /dev/null
+++ b/templates/ferm_header.conf.epp
@@ -0,0 +1,8 @@
+# Currently managed by Puppet
+# Author: Tim Meusel <tim@bastelfreak.de>
+#
+
+# get all ip definitions
+@include '/etc/ferm.d/definitions/';
+
+# Begin custom section |
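Review bot: In templates/ferm.conf.epp the INPUT chain is generated for both `ip` and `ip6`, but the only rule the template itself contributes is `interface lo ACCEPT;`, so with a DROP policy IPv6 neighbour discovery is dropped unless INPUT.conf allows it. Neighbour solicitation and advertisement are not matched by the ESTABLISHED/RELATED rule that ferm_chain_header.conf.epp adds, so they fall through to the chain policy. The code that fills /etc/ferm.d/chains/INPUT.conf is outside this diff, so this may already be covered there. If it is not, add an ICMPv6 accept for the ip6 domain next to the loopback rule, and in either case record the requirement in the template with `# ip6 needs ICMPv6 neighbour discovery allowed when the policy is DROP`.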
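Review bot: The two connection-tracking rules in templates/ferm_chain_header.conf.epp use the legacy `state` match, which newer iptables releases treat as a compatibility alias for `conntrack`. I would write them as `mod conntrack ctstate INVALID DROP;` and `mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;`. Separately, `$policy` is interpolated unescaped into the rule file, so the only guard is the `Ferm::Policies` type, which is defined outside this diff. It should be a closed enum of policy names, and a comment above the `policy` line saying so would help the next reader.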
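Review bot: `@include '/etc/ferm.d/definitions/';` in templates/ferm_header.conf.epp loads every file found in that directory, so a file left there by another tool or an earlier run becomes part of the ruleset. The manifest that manages the directory is not part of this diff; it should keep the directory root-owned and purge unmanaged files. I would record that next to the include: `# every file in this directory is loaded; it must be root-owned and purged by Puppet`. The same `/etc/ferm.d` prefix is hard-coded in ferm.conf.epp as well, so a template parameter for the config directory would keep the files in step.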