trunk
| Line | |
|---|
| 1 | # |
|---|
| 2 | # rules.input-after |
|---|
| 3 | # |
|---|
| 4 | # Rules that should be run after the ufw command line added rules. Custom |
|---|
| 5 | # rules should be added to one of these chains: |
|---|
| 6 | # ufw-after-input |
|---|
| 7 | # ufw-after-output |
|---|
| 8 | # ufw-after-forward |
|---|
| 9 | # |
|---|
| 10 | |
|---|
| 11 | # Don't delete these required lines, otherwise there will be errors |
|---|
| 12 | *filter |
|---|
| 13 | :ufw-after-input - [0:0] |
|---|
| 14 | :ufw-after-output - [0:0] |
|---|
| 15 | :ufw-after-forward - [0:0] |
|---|
| 16 | # End required lines |
|---|
| 17 | |
|---|
| 18 | # don't log noisy services by default |
|---|
| 19 | -A ufw-after-input -p udp --dport 137 -j RETURN |
|---|
| 20 | -A ufw-after-input -p udp --dport 138 -j RETURN |
|---|
| 21 | -A ufw-after-input -p tcp --dport 139 -j RETURN |
|---|
| 22 | -A ufw-after-input -p tcp --dport 445 -j RETURN |
|---|
| 23 | -A ufw-after-input -p udp --dport 67 -j RETURN |
|---|
| 24 | -A ufw-after-input -p udp --dport 68 -j RETURN |
|---|
| 25 | |
|---|
| 26 | # catchall for logging |
|---|
| 27 | -A ufw-after-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK INPUT]: " |
|---|
| 28 | -A ufw-after-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK FORWARD]: " |
|---|
| 29 | |
|---|
| 30 | # don't delete the 'COMMIT' line or these rules won't be processed |
|---|
| 31 | COMMIT |
|---|
Note: See
TracBrowser
for help on using the repository browser.
