@atomlab
Created January 28, 2021 17:53
Default ferm conf
# source addresses/networks allowed to reach any TCP/UDP port (empty here)
@def $TRUSTED = (
);

domain (ip) {
    table filter {
        chain INPUT {
            policy DROP;

            # connection tracking
            mod state state INVALID DROP;
            mod state state (ESTABLISHED RELATED) ACCEPT;

            # allow local packet
            interface lo ACCEPT;

            # respond to ping
            proto icmp ACCEPT;

            # allow SSH connections
            proto tcp dport ssh ACCEPT;

            # allow all TCP and UDP traffic from the trusted sources
            saddr $TRUSTED proto (tcp udp) ACCEPT;
        }
        chain OUTPUT {
            policy ACCEPT;

            # connection tracking
            #mod state state INVALID DROP;
            mod state state (ESTABLISHED RELATED) ACCEPT;
        }
        chain FORWARD {
            policy DROP;

            # connection tracking
            mod state state INVALID DROP;
            mod state state (ESTABLISHED RELATED) ACCEPT;
        }
    }
}

@include ferm.d/;