Initial stab at adding a ferm module
[mirror/dsa-puppet.git]
/
modules
/
ferm
/
files
/
ferm.conf
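# Pull in shared ferm definitions (helper functions that abstract common
# rule patterns).
@include 'defs.conf';

# Baseline inbound policy for IPv4 and IPv6: default deny, with only the
# traffic listed below accepted. Only the INPUT chain is configured in this
# file; FORWARD and OUTPUT are not touched here.
domain (ip ip6) {
    chain INPUT {
        # Anything no rule in this chain accepts is dropped.
        policy DROP;

        # Replies to, and traffic related to, connections already tracked.
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # Local loopback traffic.
        interface lo ACCEPT;

        # Drop TCP packets that would start a new connection without the SYN
        # flag set. This sits ahead of the rules the includes below add, so a
        # per-service ACCEPT there cannot admit such packets.
        proto tcp mod state state NEW !syn DROP;

        # IPv4 ICMP, all types. In the ip6 domain this rule does not match
        # ICMPv6, which is a separate protocol (ipv6-icmp); see the ip6-only
        # block below.
        proto icmp ACCEPT;
    }
}

# ICMPv6 has to be accepted explicitly: with policy DROP and only
# "proto icmp" above, neighbour discovery and path-MTU messages would be
# dropped on IPv6 and the host would lose IPv6 connectivity.
domain ip6 {
    chain INPUT {
        proto ipv6-icmp ACCEPT;
    }
}

# Per-host configuration: every file in conf.d/ is included.
@include 'conf.d/';

# Rules managed via puppet: every file in dsa.d/ is included.
# NOTE(review): these snippets are where services get opened up, so both
# directories should be writable by root only; confirm in the puppet manifest.
@include 'dsa.d/';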