domain (ip ip6) chain protected mod comment comment snf-network_ferm {
        # Rule list of the "protected" chain (applied to both ip and ip6 by the
        # enclosing header): accept non-SYN TCP, UDP from source port 53 and
        # ICMP, then drop whatever is left. Rule order matters; the final DROP
        # is the catch-all.

        # Accept TCP packets that do not request a new connection (negated
        # `syn` match); connection-opening SYNs fall through to DROP.
        # NOTE(review): this is a stateless flag test, not connection tracking,
        # so a non-SYN segment is accepted even when it belongs to no
        # established flow. If conntrack is usable here, a state match
        # (ESTABLISHED/RELATED) would be tighter — confirm with the deployment.
        proto tcp !syn ACCEPT;
        # Allow DNS responses.
        # NOTE(review): the match is on UDP source port 53 only. The source
        # port is chosen by the sender, so this accepts any UDP datagram that
        # claims port 53, to any destination port — not just replies to
        # queries that were actually sent. Verify this is acceptable.
        proto udp sport 53 ACCEPT;
        # Allow ping. No ICMP type is given, so every ICMP type is accepted,
        # not only echo request/reply.
        # NOTE(review): in the ip6 domain `proto icmp` presumably does not
        # match ICMPv6 (ipv6-icmp); if so, ping6 and neighbour discovery reach
        # the DROP below — TODO confirm on an IPv6-enabled host.
        proto icmp ACCEPT;
        # Default for this chain: drop everything not accepted above.
        DROP;
}

domain (ip ip6) chain limited mod comment comment snf-network_ferm {
        # Rule list of the "limited" chain (applied to both ip and ip6 by the
        # enclosing header): the same accepts as the "protected" chain plus new
        # TCP connections to ports 22 and 3389, then drop whatever is left.

        # Accept TCP packets that do not request a new connection (negated
        # `syn` match).
        # NOTE(review): stateless flag test, not connection tracking; a
        # non-SYN segment passes without belonging to an established flow.
        proto tcp !syn ACCEPT;
        # Allow ssh
        # NOTE(review): no source address restriction is visible, so port 22
        # is reachable from any peer whose traffic traverses this chain.
        proto tcp dport 22 ACCEPT;
        # Allow RDP for windows
        # NOTE(review): likewise open to any source; confirm that exposing
        # 3389 this broadly is intended.
        proto tcp dport 3389 ACCEPT;
        # Allow DNS responses.
        # NOTE(review): matches on UDP source port 53 only, which the sender
        # controls; any datagram claiming that source port is accepted.
        proto udp sport 53 ACCEPT;
        # Allow ICMP of every type (no icmp-type filter).
        # NOTE(review): in the ip6 domain `proto icmp` presumably does not
        # match ICMPv6 (ipv6-icmp) — TODO confirm.
        proto icmp ACCEPT;
        # Default for this chain: drop everything not accepted above.
        DROP;
}

domain (ip ip6) chain unprotected mod comment comment snf-network_ferm {
        # Rule list of the "unprotected" chain: accept every packet, IPv4 and
        # IPv6 alike, with no filtering at all. Anything sent through this
        # chain relies entirely on its own host-level protections.
        ACCEPT;
}