# Firewall configuration for a TPC
# Inspired by http://ferm.foo-projects.org/download/examples/workstation.ferm
# File managed by puppet (make changes in the Puppet source, not on the host)
#
# Summary: default-deny inbound, unrestricted outbound, no forwarding.
# With the optional rules below left commented out, the host accepts no
# unsolicited inbound traffic other than loopback.
#
# NOTE(review): no `domain` is declared, so ferm's default (IPv4) applies.
# IPv6 is not filtered by this file -- confirm it is covered elsewhere or
# disabled on the host.

table filter {
    chain INPUT {
        # Anything not explicitly accepted below is dropped.
        policy DROP;

        # Connection tracking: discard packets conntrack cannot classify,
        # then accept replies to flows this host opened. RELATED also lets
        # through ICMP errors that belong to an existing flow.
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # Loopback traffic is always allowed.
        interface lo ACCEPT;

        # Optional inbound services -- all currently DISABLED.
        # Uncomment only what the host really needs; each line widens the
        # attack surface, and the SSH rule as written accepts any source.

        # respond to ping
        #proto icmp icmp-type echo-request ACCEPT;

        # allow SSH connections
        #proto tcp dport ssh ACCEPT;

        # ident connections (auth)
        #proto tcp dport auth ACCEPT;

        # Everything else falls through to the DROP policy.
    }

    # Outgoing connections are not limited (no egress filtering).
    chain OUTPUT {
        policy ACCEPT;
    }

    # This host is not a router: never forward packets.
    chain FORWARD {
        policy DROP;
    }
}