2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
3 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
12 chain (INPUT OUTPUT) {
20 chain log_and_reject {
21 ULOG ulog-prefix "REJECT: ";
22 proto tcp REJECT reject-with tcp-reset;
27 mod hashlimit hashlimit-name ulogreject hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject;
28 mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second ULOG ulog-prefix "DROP: ";
36 chain log_and_reject {
37 LOG log-prefix "REJECT: ";
38 proto tcp REJECT reject-with tcp-reset;
43 mod hashlimit hashlimit-name logreject hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject;
44 mod hashlimit hashlimit-name loglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second LOG log-prefix "DROP: ";
53 mod state state (ESTABLISHED RELATED) ACCEPT;
56 mod state state (INVALID) DROP;
65 proto (tcp udp) mod multiport destination-ports (135 137 138 139 445 1026 1027 1433) DROP;