vuurmuur: Define a sane ruleset.

[matthijs/servers/drsnuggles.git] / etc / vuurmuur / rules / rules.conf

RULE="Accept service any from firewall to world.inet options comment=\"Outgoing host traffic\""
RULE="Accept service any from vservers.internal to world.inet options comment=\"Outgoing vserver traffic\""
RULE="Snat service any from vservers.internal to world.inet options comment=\"snat for vservers\""
RULE="Accept service any from zeratul.direct to firewall options comment=\"direct traffic from zeratul\""
RULE="Accept service any from firewall to zeratul.direct options comment=\"direct traffice to zeratul\""
RULE="Accept service ssh-host from any to firewall(any) options comment=\"ssh access to the host\""
RULE="Portfw service http from world.inet to www.vservers.internal options comment=\"http to www\""
RULE="Portfw service smtp from world.inet to mail.vservers.internal options comment=\"smtp to mail\""
RULE="Portfw service dns from world.inet to dns.vservers.internal options comment=\"dns to dns\""
RULE="Portfw service imaps from world.inet to mail.vservers.internal options comment=\"imaps to mail\""
RULE="Portfw service ssh from world.inet to login.vservers.internal options comment=\"ssh to login\""