|
@@ -6,15 +6,7 @@
|
|
# Configuration file for ferm(1).
|
|
# Configuration file for ferm(1).
|
|
#
|
|
#
|
|
|
|
|
|
-@def $PORTS = (
|
|
|
|
-{%- if firewall_opened_ports -%}
|
|
|
|
-{% for port in firewall_opened_ports %}{{ port }} {% endfor %}
|
|
|
|
-{%- endif -%}
|
|
|
|
-{%- if ssh_port is defined -%}{{ ssh_port }} {%- endif -%}
|
|
|
|
-{%- if ssh_ports_extra is defined -%}
|
|
|
|
-{% for port in ssh_ports_extra %}{{ port }} {% endfor %}
|
|
|
|
-{%- endif -%}
|
|
|
|
-); # Services running
|
|
|
|
|
|
+@def $PORTS = ({{ firewall_public | join(' ') }}); # Services running worldwide
|
|
|
|
|
|
table filter {
|
|
table filter {
|
|
chain INPUT {
|
|
chain INPUT {
|
|
@@ -31,7 +23,15 @@ table filter {
|
|
proto icmp icmp-type echo-request ACCEPT;
|
|
proto icmp icmp-type echo-request ACCEPT;
|
|
|
|
|
|
# standard ports we allow from the outside
|
|
# standard ports we allow from the outside
|
|
- proto tcp dport $PORTS ACCEPT;
|
|
|
|
|
|
+ proto (udp tcp) dport $PORTS ACCEPT;
|
|
|
|
+{% if firewall_private is defined %}
|
|
|
|
+ # Private networks configuration
|
|
|
|
+{% for fwconf in firewall_private %}
|
|
|
|
+ interface {{ fwconf.interface }}{% if fwconf.network is defined %} saddr {{ fwconf.network }}{% endif %} {
|
|
|
|
+ proto (udp tcp) dport ({{ fwconf.ports | join(' ') }}) ACCEPT;
|
|
|
|
+ }
|
|
|
|
+{% endfor %}
|
|
|
|
+{% endif %}
|
|
}
|
|
}
|
|
|
|
|
|
chain OUTPUT {
|
|
chain OUTPUT {
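Review bot: `proto (udp tcp) dport $PORTS ACCEPT;` (the first added line of the hunk) opens every entry of `$PORTS` on UDP as well as TCP, so any service that only listens on TCP — the SSH port that the removed `ssh_port` logic used to add, for example — now also has a world-reachable UDP port; unless every `firewall_public` entry really needs both, keep `proto tcp dport $PORTS ACCEPT;` and feed UDP-only services from a second, separately defined list. The private-network rule at `interface {{ fwconf.interface }} … {` accepts from any source address whenever `fwconf.network` is omitted, which is reasonable for a trusted interface but deserves a comment above the loop, e.g. `# network is optional: omitting it trusts every source on the interface`. `$PORTS` in the first hunk is now built solely from `firewall_public` and, unlike `firewall_private` here, is not guarded with `is defined`, so a caller that still relies on `ssh_port` and does not list it in `firewall_public` would presumably lose remote access on the next deploy — worth stating in the role's variable documentation. Note that these values are interpolated unquoted into ferm syntax, so the lists should only ever come from trusted inventory. The enclosing `chain INPUT {` block starts in the previous hunk and `table filter` closes outside this one.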
|