# # Shorewall 1.3 -- Policy File # # /etc/shorewall/policy # # This file determines what to do with a new connection request if we # don't get a match from the /etc/shorewall/rules file or from the # /etc/shorewall/common[.def] file. For each source/destination pair, the # file is processed in order until a match is found ("all" will match # any client or server). # # Columns are: # # SOURCE Source zone. Must be the name of a zone defined # in /etc/shorewall/zones, $FW or "all". # # DEST Destination zone. Must be the name of a zone defined # in /etc/shorewall/zones, $FW or "all" # # WARNING: Firewall->Firewall policies are not allowed; if # you have a policy where both SOURCE and DEST are $FW, # Shorewall will not start! # # POLICY Policy if no match from the rules file is found. Must # be "ACCEPT", "DROP", "REJECT" or "CONTINUE" # # LOG LEVEL If supplied, each connection handled under the default # POLICY is logged at that level. If not supplied, no # log message is generated. See syslog.conf(5) for a # description of log levels. # # If you don't want to log but need to specify the # following column, place "_" here. # # LIMIT:BURST If passed, specifies the maximum TCP connection rate # and the size of an acceptable burst. If not specified, # TCP connections are not limited. # # As shipped, the default policies are: # # a) All connections from the local network to the internet are allowed # b) All connections from the internet are ignored but logged at syslog # level KERNEL.INFO. # d) All other connection requests are rejected and logged at level # KERNEL.INFO. ############################################################################### #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST loc net ACCEPT # # If you want open access to the internet from your firewall, uncomment the # following line #fw net ACCEPT net all DROP info all all REJECT info #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOTE