Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • stable
  • mediaserver-10.0.0
  • mediaserver-9.7.1
  • mediaserver-9.7.0
  • mediaserver-9.6.0
  • mediaserver-9.5.0
  • mediaserver-9.4.0
  • no-ansible
9 results
Blame Permalink
ferm.conf 893 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44 






# -*- shell-script -*-
#
#  Configuration file for ferm(1).
#

table filter {
    chain INPUT {
        policy DROP;

        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # allow local packet
        interface lo ACCEPT;

        # respond to ping
        proto icmp ACCEPT; 

        # allow SSH connections
        proto tcp dport ssh ACCEPT;

        # http https
        proto tcp dport (http https) ACCEPT;

        # snmp
        proto udp dport snmp ACCEPT;
    }
    chain OUTPUT {
        policy ACCEPT;

        # connection tracking
        #mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
    }
    chain FORWARD {
        policy DROP;

        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
    }
}