Ajout : vm_hosted : rule_shorewall_configure .

[lhc/ateliers.git] / etc / shorewall / rules

diff --git a/etc/shorewall/rules b/etc/shorewall/rules
new file mode 100644 (file)
index 0000000..008765f
--- /dev/null
+++ b/etc/shorewall/rules
@@ -0,0 +1,32 @@
+# DOC: shorewall-rules(5)
+######################################################################################################################################################################################
+#ACTION                       SOURCE DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK    CONNLIMIT       TIME         HEADERS         SWITCH
+#                                                            PORT    PORT(S)         DEST            LIMIT           GROUP
+#SECTION ALL
+#SECTION ESTABLISHED
+#SECTION RELATED
+SECTION NEW
+
+DNS(ACCEPT)                   net    $FW
+Git(ACCEPT)                   net    $FW
+HTTP(ACCEPT)                  net    $FW
+HTTPS(ACCEPT)                 net    $FW
+Limit(IMAPS,5,60):info        net    $FW         tcp   imaps
+IMAPS(ACCEPT)                 net    $FW
+Managesieve(ACCEPT)           net    $FW
+Mosh(ACCEPT)                  net    $FW
+SMTP(ACCEPT)                  net    $FW
+Ping(ACCEPT)                  net    $FW
+Limit(SSH,10,60):info         net    $FW         tcp   ssh
+SSH(ACCEPT)                   net    $FW
+Submission(ACCEPT)            net    $FW
+Limit(Submission,10,60):info  net    $FW         tcp   submission
+
+ACCEPT                        $FW    net         icmp
+DNS(ACCEPT)                   $FW    net
+Git(ACCEPT)                   $FW    net
+HTTP(ACCEPT)                  $FW    net
+HTTPS(ACCEPT)                 $FW    net
+NTP(ACCEPT)                   $FW    net
+SMTP(ACCEPT)                  $FW    net
+SSH(ACCEPT)                   $FW    net