diff options
author | Holger Levsen <holger@layer-acht.org> | 2015-07-27 14:31:57 +0200 |
---|---|---|
committer | Holger Levsen <holger@layer-acht.org> | 2015-07-27 14:31:57 +0200 |
commit | 315ead533e3d4e67ce3908a13ebe5b75ef9060c4 (patch) | |
tree | b13a53cbace131ef2afedbd7697f724f9e674c0d /hosts/jenkins/etc/shorewall/rules | |
parent | 16a5099a82e9c12322e7bea561a5f43448b013d4 (diff) | |
download | jenkins.debian.net-315ead533e3d4e67ce3908a13ebe5b75ef9060c4.tar.xz |
move etc to hosts/jenkins/etc
Diffstat (limited to 'hosts/jenkins/etc/shorewall/rules')
-rw-r--r-- | hosts/jenkins/etc/shorewall/rules | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/hosts/jenkins/etc/shorewall/rules b/hosts/jenkins/etc/shorewall/rules new file mode 100644 index 00000000..1b7c8ffe --- /dev/null +++ b/hosts/jenkins/etc/shorewall/rules @@ -0,0 +1,31 @@ +# +# Shorewall version 4.0 - Sample Rules File for one-interface configuration. +# Copyright (C) 2006 by the Shorewall Team +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# See the file README.txt for further details. +#------------------------------------------------------------------------------------------------------------ +# For information on entries in this file, type "man shorewall-rules" +###################################################################################################################################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH +# PORT PORT(S) DEST LIMIT GROUP +#SECTION ALL +#SECTION ESTABLISHED +#SECTION RELATED +SECTION NEW + +# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. +#Ping(DROP) net $FW + +# Permit all ICMP traffic FROM the firewall TO the net zone +ACCEPT net $FW icmp +ACCEPT $FW net icmp + +# incoming http and ssh are allowed +ACCEPT net $FW tcp 80,443 +ACCEPT net $FW tcp 22 + |