|
Last change
on this file since 12 was
12,
checked in by mitty, 15 years ago
|
- change --log-level to "err"
- accept FORWARD from LAN (eth0 with 192.168.100.0/24)
- drop CIFS access from/to WAN (eth1)
- accept access from LAN
- add custom rules for 'setfilter' script
|
|
File size:
1.0 KB
|
| Line | |
|---|
| 1 | # |
|---|
| 2 | # rules.input-after |
|---|
| 3 | # |
|---|
| 4 | # Rules that should be run after the ufw command line added rules. Custom |
|---|
| 5 | # rules should be added to one of these chains: |
|---|
| 6 | # ufw-after-input |
|---|
| 7 | # ufw-after-output |
|---|
| 8 | # ufw-after-forward |
|---|
| 9 | # |
|---|
| 10 | |
|---|
| 11 | # Don't delete these required lines, otherwise there will be errors |
|---|
| 12 | *filter |
|---|
| 13 | :ufw-after-input - [0:0] |
|---|
| 14 | :ufw-after-output - [0:0] |
|---|
| 15 | :ufw-after-forward - [0:0] |
|---|
| 16 | # End required lines |
|---|
| 17 | |
|---|
| 18 | # don't log noisy services by default |
|---|
| 19 | -A ufw-after-input -p udp --dport 137 -j RETURN |
|---|
| 20 | -A ufw-after-input -p udp --dport 138 -j RETURN |
|---|
| 21 | -A ufw-after-input -p tcp --dport 139 -j RETURN |
|---|
| 22 | -A ufw-after-input -p tcp --dport 445 -j RETURN |
|---|
| 23 | -A ufw-after-input -p udp --dport 67 -j RETURN |
|---|
| 24 | -A ufw-after-input -p udp --dport 68 -j RETURN |
|---|
| 25 | |
|---|
| 26 | # catchall for logging |
|---|
| 27 | -A ufw-after-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK INPUT]: " --log-level err |
|---|
| 28 | -A ufw-after-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK FORWARD]: " --log-level err |
|---|
| 29 | |
|---|
| 30 | # don't delete the 'COMMIT' line or these rules won't be processed |
|---|
| 31 | COMMIT |
|---|
Note: See
TracBrowser
for help on using the repository browser.
