pwlin/gist:807aa650b099944788a7

## gistfile1.sh
# -*- shell-script -*-
#
# Ferm example script
#
# Firewall configuration for a web server.

table filter {
    chain INPUT {
        policy DROP;

        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # allow local connections
        interface lo ACCEPT;

        # respond to ping
        # proto icmp icmp-type echo-request ACCEPT;

        # our services to the world
        proto tcp dport ($SERVICES) ACCEPT;

        # the rest is dropped by the above policy
    }

    # outgoing connections are not limited
 chain OUTPUT policy ACCEPT;

    # this is not a router
 chain FORWARD policy DROP;

}
	# -- shell-script --
	#
	# Ferm example script
	#
	# Firewall configuration for a web server.

	table filter {
	chain INPUT {
	policy DROP;

	# connection tracking
	mod state state INVALID DROP;
	mod state state (ESTABLISHED RELATED) ACCEPT;

	# allow local connections
	interface lo ACCEPT;

	# respond to ping
	# proto icmp icmp-type echo-request ACCEPT;

	# our services to the world
	proto tcp dport ($SERVICES) ACCEPT;

	# the rest is dropped by the above policy
	}

	# outgoing connections are not limited
	chain OUTPUT policy ACCEPT;

	# this is not a router
	chain FORWARD policy DROP;

	}