From 14c8577b515f524a5a62c831a74895c9d2f401b5 Mon Sep 17 00:00:00 2001 From: Matthijs Kooijman Date: Mon, 26 Jul 2010 15:44:42 +0200 Subject: [PATCH] vuurmuur: Reorganize rules.conf. This adds a bunch of comment lines and moves a rule to a more logical place. --- etc/vuurmuur/rules/rules.conf | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/etc/vuurmuur/rules/rules.conf b/etc/vuurmuur/rules/rules.conf index bae0514..b78554e 100644 --- a/etc/vuurmuur/rules/rules.conf +++ b/etc/vuurmuur/rules/rules.conf @@ -1,13 +1,14 @@ -RULE="Accept service ping from any to any options comment=\"ping\"" +RULE="separator options comment=\"Outgoing traffic\"" RULE="Accept service any from firewall to world.inet options comment=\"Outgoing host traffic\"" RULE="Accept service any from any to world.inet options comment=\"Outgoing vserver traffic (but from any due to vuurmuur limits)\"" RULE="Snat service any from vservers.internal to world.inet options out_int=\"inet-nic\",comment=\"snat for vservers\"" -RULE="separator" +RULE="separator options comment=\"Zeratul crosslink\"" RULE="Accept service any from zeratul.direct to firewall options comment=\"direct traffic from zeratul\"" RULE="Accept service any from firewall to zeratul.direct options comment=\"direct traffice to zeratul\"" -RULE="separator" +RULE="separator options comment=\"Open up ports on the host\"" RULE="Accept service ssh-host from any to firewall(any) options comment=\"ssh access to the host\"" RULE="Accept service ident from world.inet to firewall(any)" +RULE="separator options comment=\"Forward ports to vservers\"" RULE="Dnat service http from world.inet to www.vservers.internal options in_int=\"inet-nic\",comment=\"http to www\"" RULE="Accept service http from world.inet to firewall options in_int=\"vserver-www-nic\"" RULE="Dnat service https from world.inet to www.vservers.internal options in_int=\"inet-nic\",comment=\"https to www\"" @@ -24,4 +25,6 @@ RULE="Dnat service locus from world.inet to login.vservers.internal options in_i RULE="Accept service locus from world.inet to firewall options in_int=\"vserver-login-nic\"" RULE="Dnat service telnet from world.inet to www.vservers.internal options in_int=\"inet-nic\",remoteport=\"2323\",comment=\"Hunternet gameserver\"" RULE="Accept service telnet-nonpriv from world.inet to firewall options in_int=\"vserver-www-nic\",comment=\"Hunternet gameserver\"" +RULE="separator options comment=\"Other rules\"" RULE="Drop service dhcp from any to any options comment=\"Drop all DHCP without logging\"" +RULE="Accept service ping from any to any options comment=\"ping\"" -- 2.30.2