forked from extern/shorewall_code
new samples for the upcoming 2.6 release
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2528 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
bd44195ee7
commit
d6da8fb9d5
@ -187,6 +187,6 @@
|
||||
#
|
||||
##############################################################################
|
||||
#ZONE INTERFACE BROADCAST OPTIONS
|
||||
net eth0 detect dhcp,routefilter,norfc1918,tcpflags
|
||||
loc eth1 detect tcpflags
|
||||
net eth0 detect dhcp,tcpflags,norfc1918,routefilter,nosmurfs,logmartians
|
||||
loc eth1 detect tcpflags,detectnets
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||
|
@ -340,17 +340,22 @@
|
||||
#
|
||||
# Accept DNS connections from the firewall to the network
|
||||
#
|
||||
ACCEPT fw net tcp 53
|
||||
ACCEPT fw net udp 53
|
||||
DNS/ACCEPT fw net
|
||||
#
|
||||
# Accept SSH connections from the local network for administration
|
||||
#
|
||||
ACCEPT loc fw tcp 22
|
||||
SSH/ACCEPT loc net
|
||||
#
|
||||
# Allow Ping To And From Firewall
|
||||
# Allow Ping from the local network
|
||||
#
|
||||
ACCEPT loc fw icmp 8
|
||||
ACCEPT net fw icmp 8
|
||||
Ping/ACCEPT loc fw
|
||||
|
||||
#
|
||||
# Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
|
||||
#
|
||||
|
||||
Ping/REJECT:none! net fw
|
||||
|
||||
ACCEPT fw loc icmp
|
||||
ACCEPT fw net icmp
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user