shorewall_code/contrib/shoregen/samples/policy

113 lines
2.4 KiB
Plaintext
Raw Normal View History

#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST EXT
#
# Meta-policies - no ACCEPT/DNAT rules contravening these may be defined in
# the policy or rules file. These are not part of shorewall and do not
# actually block any traffic. They are about stopping the firewall
# administrator from activating silly rules. Note that these rules should
# always be accompanied by a corresponding REJECT/BAN policy as they don't
# actually set the shorewall policy (see below for these).
#
# These policies are samples only and are not suggested for your
# environment. You must decide on the policies that are right for you.
#
guest lan BAN
proxy lan BAN
mail lan BAN
og lan BAN
net lan BAN
proxy guest BAN
mail guest BAN
og guest BAN
net guest BAN
proxy ig BAN
mail ig BAN
og ig BAN
net ig BAN
net proxy BAN
proxy og BAN
mail og BAN
net og BAN
ig net BAN
#
# Now the normal policies. We define each set of zone pairs individually
# so that Shorewall produces more meaningful error messages.
#
lan guest ACCEPT info
lan ig REJECT info
lan proxy REJECT info
lan mail REJECT info
lan og REJECT info
lan net REJECT info
lan other REJECT info
lan all REJECT info
guest lan REJECT info
guest ig REJECT info
guest proxy REJECT info
guest mail REJECT info
guest og REJECT info
guest net ACCEPT info
guest other REJECT info
guest all REJECT info
ig lan REJECT info
ig guest REJECT info
ig proxy REJECT info
ig mail REJECT info
ig og REJECT info
ig net REJECT info
ig other REJECT info
ig all REJECT info
proxy lan REJECT info
proxy guest REJECT info
proxy ig REJECT info
proxy mail REJECT info
proxy og REJECT info
proxy net ACCEPT
proxy other REJECT info
proxy all REJECT info
mail lan REJECT info
mail guest REJECT info
mail ig REJECT info
mail proxy REJECT info
mail og REJECT info
mail net REJECT info
mail other REJECT info
mail all REJECT info
og lan REJECT info
og guest REJECT info
og ig REJECT info
og proxy REJECT info
og mail REJECT info
og net REJECT info
og other REJECT info
og all REJECT info
net lan DROP info
net guest DROP info
net ig DROP info
net proxy DROP info
net mail DROP info
net og DROP info
net other DROP info
net all DROP info
# Catch-all policies
other all DROP info
all all DROP info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE