-RULE="Accept service ping from any to any options comment=\"ping\""
+RULE="separator options comment=\"Outgoing traffic\""
RULE="Accept service any from firewall to world.inet options comment=\"Outgoing host traffic\""
RULE="Accept service any from any to world.inet options comment=\"Outgoing vserver traffic (but from any due to vuurmuur limits)\""
RULE="Snat service any from vservers.internal to world.inet options out_int=\"inet-nic\",comment=\"snat for vservers\""
-RULE="separator"
+RULE="separator options comment=\"Zeratul crosslink\""
RULE="Accept service any from zeratul.direct to firewall options comment=\"direct traffic from zeratul\""
RULE="Accept service any from firewall to zeratul.direct options comment=\"direct traffice to zeratul\""
-RULE="separator"
+RULE="separator options comment=\"Open up ports on the host\""
RULE="Accept service ssh-host from any to firewall(any) options comment=\"ssh access to the host\""
RULE="Accept service ident from world.inet to firewall(any)"
+RULE="separator options comment=\"Forward ports to vservers\""
RULE="Dnat service http from world.inet to www.vservers.internal options in_int=\"inet-nic\",comment=\"http to www\""
RULE="Accept service http from world.inet to firewall options in_int=\"vserver-www-nic\""
RULE="Dnat service https from world.inet to www.vservers.internal options in_int=\"inet-nic\",comment=\"https to www\""
RULE="Accept service locus from world.inet to firewall options in_int=\"vserver-login-nic\""
RULE="Dnat service telnet from world.inet to www.vservers.internal options in_int=\"inet-nic\",remoteport=\"2323\",comment=\"Hunternet gameserver\""
RULE="Accept service telnet-nonpriv from world.inet to firewall options in_int=\"vserver-www-nic\",comment=\"Hunternet gameserver\""
+RULE="separator options comment=\"Other rules\""
RULE="Drop service dhcp from any to any options comment=\"Drop all DHCP without logging\""
+RULE="Accept service ping from any to any options comment=\"ping\""
projects / matthijs / servers / drsnuggles.git / commitdiff