vuurmuur: Fix accept rule for outgoing verserver connections.

[matthijs/servers/drsnuggles.git] / etc / vuurmuur / rules / rules.conf

diff --git a/etc/vuurmuur/rules/rules.conf b/etc/vuurmuur/rules/rules.conf
index 1e49c3c25144c8234222b4c3a3f94ab1fa456972..1532bbe9fd619caa95d73476c7e32d1a8d7e3b14 100644 (file)
--- a/etc/vuurmuur/rules/rules.conf
+++ b/etc/vuurmuur/rules/rules.conf
@@ -1,8 +1,11 @@
+RULE="Accept service ping from any to any options comment=\"ping\""
 RULE="Accept service any from firewall to world.inet options comment=\"Outgoing host traffic\""
-RULE="Accept service any from vservers.internal to world.inet options comment=\"Outgoing vserver traffic\""
+RULE="Accept service any from any to world.inet options comment=\"Outgoing vserver traffic (but from any due to vuurmuur limits)\""
 RULE="Snat service any from vservers.internal to world.inet options comment=\"snat for vservers\""
+RULE="separator"
 RULE="Accept service any from zeratul.direct to firewall options comment=\"direct traffic from zeratul\""
 RULE="Accept service any from firewall to zeratul.direct options comment=\"direct traffice to zeratul\""
+RULE="separator"
 RULE="Accept service ssh-host from any to firewall(any) options comment=\"ssh access to the host\""
 RULE="Portfw service http from world.inet to www.vservers.internal options comment=\"http to www\""
 RULE="Portfw service smtp from world.inet to mail.vservers.internal options comment=\"smtp to mail\""