Diffstat (limited to 'files/ferm/ferm.conf.tpc')
-rw-r--r--files/ferm/ferm.conf.tpc33
1 files changed, 33 insertions, 0 deletions
diff --git a/files/ferm/ferm.conf.tpc b/files/ferm/ferm.conf.tpc
new file mode 100644
index 0000000..8a1017e
--- /dev/null
+++ b/files/ferm/ferm.conf.tpc
@@ -0,0 +1,33 @@
+# Firewall configuration for a TPC
+# Inspired by http://ferm.foo-projects.org/download/examples/workstation.ferm
+# File managed by puppet
+
+table filter {
+ chain INPUT {
+ policy DROP;
+
+ # connection tracking
+ #mod state state INVALID DROP;
+ #mod state state (ESTABLISHED RELATED) ACCEPT;
+
+ # allow local connections
+ interface lo ACCEPT;
+
+ # respond to ping
+ #proto icmp icmp-type echo-request ACCEPT;
+
+ # allow SSH connections
+ #proto tcp dport ssh ACCEPT;
+
+ # ident connections are also allowed
+ #proto tcp dport auth ACCEPT;
+
+ # the rest is dropped by the above policy
+ }
+
+ # outgoing connections are not limited
+ chain OUTPUT policy ACCEPT;
+
+ # this is not a router
+ chain FORWARD policy DROP;
+}
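Review bot: With `policy DROP` on INPUT and both connection-tracking rules commented out, the only inbound traffic this ruleset accepts is on `lo`, so replies to the connections that `chain OUTPUT policy ACCEPT` lets out (DNS answers, TCP handshake replies, presumably the puppet agent's own traffic) are dropped. Enable `mod state state INVALID DROP;` and `mod state state (ESTABLISHED RELATED) ACCEPT;` at the top of the INPUT chain; a firewall that breaks all outbound use tends to get switched off entirely, which is worse than the rules it was meant to enforce. The file also declares no `domain`, and ferm applies rules to `ip` only by default, so IPv6 would be left unfiltered on any host that has it; wrapping the table in `domain (ip ip6) { … }` would cover both. If the SSH, ping and ident rules are disabled on purpose for this host class, a one-line comment such as `# inbound services intentionally closed on TPCs` would stop a later editor from treating them as leftovers to re-enable.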