firewall-common.erb
671 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
### FILTER RULES ###
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -p icmp --icmp-type 3/3 -j ACCEPT
-A INPUT -p icmp --icmp-type 3/1 -j ACCEPT
-A INPUT -p icmp --icmp-type 4 -j ACCEPT
-A INPUT -p icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp --icmp-type 12 -j ACCEPT
-A INPUT -i lo -j ACCEPT
<%= yield :iptables_filter %>
-A INPUT -j LOG --log-prefix "Firewall INPUT: "
-A INPUT -j DROP
-A FORWARD -j LOG --log-prefix "Firewall FORWARD: "
-A FORWARD -j DROP
COMMIT
### NAT Rules ###
*nat
<%= yield :iptables_nat %>
COMMIT