From 63b2dbce87c82b917cd5e0574f04d51f0cf52d4f Mon Sep 17 00:00:00 2001
From: Holger Levsen <holger@layer-acht.org>
Date: Sun, 21 Oct 2012 14:55:35 +0200
Subject: setup shorewall(6) and let squid cache files up to 50MB

---
 etc/shorewall/rules | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 etc/shorewall/rules

(limited to 'etc/shorewall/rules')

diff --git a/etc/shorewall/rules b/etc/shorewall/rules
new file mode 100644
index 00000000..db08726c
--- /dev/null
+++ b/etc/shorewall/rules
@@ -0,0 +1,32 @@
+#
+# Shorewall version 4.0 - Sample Rules File for one-interface configuration.
+# Copyright (C) 2006 by the Shorewall Team
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# See the file README.txt for further details.
+#------------------------------------------------------------------------------------------------------------
+# For information on entries in this file, type "man shorewall-rules"
+######################################################################################################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME         HEADERS         SWITCH
+#							PORT	PORT(S)		DEST		LIMIT		GROUP
+#SECTION ALL
+#SECTION ESTABLISHED
+#SECTION RELATED
+SECTION NEW
+
+# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
+
+Ping(DROP)	net		$FW
+
+# Permit all ICMP traffic FROM the firewall TO the net zone
+
+ACCEPT		$FW		net		icmp
+
+# http and ssh are allowed
+ACCEPT    net       $FW             tcp          80
+ACCEPT    net       $FW             tcp          22
+
-- 
cgit v1.2.3-54-g00ecf