\n \n \n \n \n\n
\n \n \n \n
#<\/div># -*- shell-script -*-<\/div>#<\/div>#  Configuration file for ferm(1).<\/div>#<\/div> <\/div>def $SERVER_TCP_PORTS = (http https ssh);<\/div> <\/div>table filter {<\/div>    chain INPUT {<\/div>        policy DROP;<\/div> <\/div>        # connection tracking<\/div>        mod state state INVALID DROP;<\/div>        mod state state (ESTABLISHED RELATED) ACCEPT;<\/div> <\/div>        # allow local packages<\/div>        interface lo ACCEPT;<\/div> <\/div>        # respond to ping, but limit that<\/div>        proto icmp ACCEPT; <\/div> <\/div>        # allow IPsec<\/div>        proto udp dport 500 ACCEPT;<\/div>        proto (esp ah) ACCEPT;<\/div> <\/div>        # allow the defined tcp connections<\/div>        #proto tcp dport ssh ACCEPT;<\/div>				proto tcp dport $SERVER_TCP_PORTS ACCEPT;<\/div>    }<\/div>    chain OUTPUT {<\/div>        policy ACCEPT;<\/div> <\/div>        # connection tracking<\/div>        #mod state state INVALID DROP;<\/div>        mod state state (ESTABLISHED RELATED) ACCEPT;<\/div>    }<\/div>    chain FORWARD {<\/div>        policy DROP;<\/div> <\/div>        # connection tracking<\/div>        mod state state INVALID DROP;<\/div>        mod state state (ESTABLISHED RELATED) ACCEPT;<\/div>    }<\/div>}<\/div> <\/div># IPv6:<\/div>#domain ip6 {<\/div>#    table filter {<\/div>#        chain INPUT {<\/div>#            policy ACCEPT;<\/div>#            # ...<\/div>#        }<\/div>#        # ...<\/div>#    }<\/div>#}<\/div><\/pre><\/div>\n        \n        <\/div>\n\n        \n          view raw<\/a>\n          ferm_example.conf<\/a>\n          This Gist<\/a> brought to you by GitHub<\/a>.\n        <\/div>\n      <\/div>\n    \n  \n<\/div>\n')