mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 08:44:05 +01:00
b7d2e8c684
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3999 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
113 lines
2.4 KiB
Plaintext
113 lines
2.4 KiB
Plaintext
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST EXT
|
|
|
|
#
|
|
# Meta-policies - no ACCEPT/DNAT rules contravening these may be defined in
|
|
# the policy or rules file. These are not part of shorewall and do not
|
|
# actually block any traffic. They are about stopping the firewall
|
|
# administrator from activating silly rules. Note that these rules should
|
|
# always be accompanied by a corresponding REJECT/BAN policy as they don't
|
|
# actually set the shorewall policy (see below for these).
|
|
#
|
|
# These policies are samples only and are not suggested for your
|
|
# environment. You must decide on the policies that are right for you.
|
|
#
|
|
|
|
guest lan BAN
|
|
proxy lan BAN
|
|
mail lan BAN
|
|
og lan BAN
|
|
net lan BAN
|
|
|
|
proxy guest BAN
|
|
mail guest BAN
|
|
og guest BAN
|
|
net guest BAN
|
|
|
|
proxy ig BAN
|
|
mail ig BAN
|
|
og ig BAN
|
|
net ig BAN
|
|
|
|
net proxy BAN
|
|
|
|
proxy og BAN
|
|
mail og BAN
|
|
net og BAN
|
|
|
|
ig net BAN
|
|
|
|
|
|
#
|
|
# Now the normal policies. We define each set of zone pairs individually
|
|
# so that Shorewall produces more meaningful error messages.
|
|
#
|
|
|
|
lan guest ACCEPT info
|
|
lan ig REJECT info
|
|
lan proxy REJECT info
|
|
lan mail REJECT info
|
|
lan og REJECT info
|
|
lan net REJECT info
|
|
lan other REJECT info
|
|
lan all REJECT info
|
|
|
|
guest lan REJECT info
|
|
guest ig REJECT info
|
|
guest proxy REJECT info
|
|
guest mail REJECT info
|
|
guest og REJECT info
|
|
guest net ACCEPT info
|
|
guest other REJECT info
|
|
guest all REJECT info
|
|
|
|
ig lan REJECT info
|
|
ig guest REJECT info
|
|
ig proxy REJECT info
|
|
ig mail REJECT info
|
|
ig og REJECT info
|
|
ig net REJECT info
|
|
ig other REJECT info
|
|
ig all REJECT info
|
|
|
|
proxy lan REJECT info
|
|
proxy guest REJECT info
|
|
proxy ig REJECT info
|
|
proxy mail REJECT info
|
|
proxy og REJECT info
|
|
proxy net ACCEPT
|
|
proxy other REJECT info
|
|
proxy all REJECT info
|
|
|
|
mail lan REJECT info
|
|
mail guest REJECT info
|
|
mail ig REJECT info
|
|
mail proxy REJECT info
|
|
mail og REJECT info
|
|
mail net REJECT info
|
|
mail other REJECT info
|
|
mail all REJECT info
|
|
|
|
og lan REJECT info
|
|
og guest REJECT info
|
|
og ig REJECT info
|
|
og proxy REJECT info
|
|
og mail REJECT info
|
|
og net REJECT info
|
|
og other REJECT info
|
|
og all REJECT info
|
|
|
|
net lan DROP info
|
|
net guest DROP info
|
|
net ig DROP info
|
|
net proxy DROP info
|
|
net mail DROP info
|
|
net og DROP info
|
|
net other DROP info
|
|
net all DROP info
|
|
|
|
# Catch-all policies
|
|
other all DROP info
|
|
all all DROP info
|
|
|
|
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
|