# Settings and reusable address/port lists for eztables.
# Option names are interpreted by eztables, not by this file; notes marked
# "presumably" are read from the names and should be confirmed in its docs.

# Presumably enables logging through syslog — TODO confirm.
ENABLE_SYSLOG=1

# Presumably the SSH brute-force protection switch, followed by the address
# and port it guards — TODO confirm.
# $eth0 is not assigned in this file; presumably eztables sets it to the
# address of interface eth0 before reading this config — TODO confirm.
# Keep DENY_SSH_BF_PORT equal to the port in SSH below (both are 22 here),
# otherwise the protection and the allow rule would cover different ports.
DENY_SSH_BF=1
DENY_SSH_BF_IP="$eth0"
DENY_SSH_BF_PORT=22

# Resolver addresses. In this file DNS_SERVERS is referenced only by the
# commented-out allow_forward rule for DNS further down.
GOOGLE_DNS1=8.8.8.8
GOOGLE_DNS2=8.8.4.4
# Each list below is a multi-line quoted string with one entry per line.
# Do not put comments inside the quotes: they would become part of the value.
DNS_SERVERS="
$GOOGLE_DNS1
$GOOGLE_DNS2
"
# Service lists in port/protocol form.
WEB="
80/tcp
443/tcp
"
DNS="
53/udp
53/tcp
"
NTP="
123/udp
"
SSH="
22/tcp
"
# Union of the lists above; used by the allow_out rule, so every entry added
# to WEB, DNS, NTP or SSH also widens what this host may reach outbound.
BASIC_SERVICES="
$WEB
$DNS
$NTP
$SSH
"
# Internal host referenced only by the commented-out port_forward and
# allow_forward examples.
APPSERVER1=192.168.123.2
#
# Permit SSH towards this host.
# The first argument is "any", which presumably is the source (confirm the
# argument order in the eztables docs), so port 22 would be reachable from
# every address. The DENY_SSH_BF settings are the only SSH-specific limit
# visible in this file; replace "any" with a management network where
# that is practical.
# NOTE(review): $eth0 is unquoted; assuming this file is sourced by a shell,
# an empty $eth0 would shift the remaining arguments — confirm it is always set.
#
allow_in any $eth0 any "$SSH"
#
# Permit this host to access HTTP, HTTPS, DNS, NTP and SSH on the internet
# (BASIC_SERVICES includes 443/tcp as well as 80/tcp).
#
allow_out $eth0 any any "$BASIC_SERVICES"
#
# Enable clients within network $eth1_net to access the internet.
# As written, DNS is forwarded only towards the hosts in DNS_SERVERS, while
# web traffic is forwarded to any destination.
#
# nat $eth1_net $eth0
# allow_forward $eth1_net "$DNS_SERVERS" any "$DNS"
# allow_forward $eth1_net any any "$WEB"
#
# Forward the web ports on external interface $eth0 towards APPSERVER1.
# Note that "$WEB" lists 443/tcp as well as 80/tcp, so enabling this rule
# presumably exposes both ports on APPSERVER1 — confirm that is intended.
#
# port_forward $eth0 "$APPSERVER1" "$WEB"
#
# By default, machines in any network attached to an interface
# can't access any other machine in any other local network.
# If a machine in any of those networks needs to access the
# forwarded port, you must explicitly enable this:
#
# allow_forward $eth0_net "$APPSERVER1" any "$WEB"
#
# In this example ICMP is permitted to any host.
# Both arguments are "any", so the rule carries no address restriction.
# Whether particular ICMP types are filtered is decided inside eztables and
# is not visible here — confirm, and narrow the rule if only basic
# diagnostics are needed.
#
allow_icmp any any