From: Kevin Day
Date: Wed, 20 Jun 2012 03:53:07 +0000 (-0500)
Subject: Bugfix: correct mistakes in firewall settings files
X-Git-Tag: 0.3.0~2
X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=1333e84f77642185c69c552670b7be0b9364653c;p=fll

Bugfix: correct mistakes in firewall settings files

The files were not entirely synced with my local copies and contained invalid configurations.
---
diff --git a/level_3/firewall/data/settings/firewall-first b/level_3/firewall/data/settings/firewall-first
index df2f847..f564da2 100644
--- a/level_3/firewall/data/settings/firewall-first
+++ b/level_3/firewall/data/settings/firewall-first
@@ -1,5 +1,6 @@
 # fss-0002
+
 main:
 # initialize the firewall
 direction none
@@ -7,8 +8,11 @@ main:
 rule -F
 rule -Z
+
+ tool iptables
 rule -t nat -F
 rule -t mangle -F
+ tool ip46tables
 # setup initial operations
 direction input
diff --git a/level_3/firewall/data/settings/firewall-last b/level_3/firewall/data/settings/firewall-last
index d6fa7c0..b2132fa 100644
--- a/level_3/firewall/data/settings/firewall-last
+++ b/level_3/firewall/data/settings/firewall-last
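Review bot: In the second firewall-first hunk, `rule -t mangle -F` now falls inside the new `tool iptables` scope, so if `ip46tables` means "run the rule with both iptables and ip6tables" (as the name and the later `tool ip46tables` reset suggest), the IPv6 mangle table is no longer flushed when the firewall is initialised. Stale ip6tables mangle rules could then survive a reload while the IPv4 side is reset. Only the nat flush appears to need the IPv4-only scope, so consider the order `tool iptables`, `rule -t nat -F`, `tool ip46tables`, `rule -t mangle -F`. A comment above `tool iptables`, for example `# nat is flushed with iptables only; switch back to ip46tables afterwards`, would record why the tool changes mid-list. The `main:` list starts before and continues after this hunk, so a later IPv6 flush outside the visible lines cannot be ruled out.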
@@ -101,71 +101,6 @@ output-udp:
 input-icmp:
- tool iptables
- direction input
- protocol icmp
-
- # allow all icmp input, such as pings
- #rule -m state --state NEW -j ACCEPT
-
- # allow icmp: echo reply (outbound ping)
- #rule --icmp-type 0 -m state --state NEW -j ACCEPT
-
- # allow icmp: destination unreachable
- rule --icmp-type 3 -m state --state NEW -j ACCEPT
-
- # allow icmp: source quench
- rule --icmp-type 4 -m state --state NEW -j ACCEPT
-
- # allow icmp: redirect
- rule --icmp-type 5 -m state --state NEW -j ACCEPT
-
- # allow icmp: echo request (inbound ping)
- rule --icmp-type 8 -m state --state NEW -j ACCEPT
-
- # allow icmp: router advertisement
- rule --icmp-type 9 -m state --state NEW -j ACCEPT
-
- # allow icmp: router Solicitation
- rule --icmp-type 10 -m state --state NEW -j ACCEPT
-
- # allow icmp: time exceeded
- rule --icmp-type 11 -m state --state NEW -j ACCEPT
-
- # allow icmp: bad ip header
- rule --icmp-type 12 -m state --state NEW -j ACCEPT
-
- # allow icmp: timestamp
- rule --icmp-type 13 -m state --state NEW -j ACCEPT
-
- # allow icmp: timestamp reply
- rule --icmp-type 14 -m state --state NEW -j ACCEPT
-
- # allow icmp: information request
- rule --icmp-type 15 -m state --state NEW -j ACCEPT
-
- # allow icmp: information reply
- rule --icmp-type 16 -m state --state NEW -j ACCEPT
-
- # allow icmp: address request
- rule --icmp-type 17 -m state --state NEW -j ACCEPT
-
- # allow icmp: address reply
- rule --icmp-type 18 -m state --state NEW -j ACCEPT
-
- # allow icmp: traceroute
- #rule --icmp-type 30 -m state --state NEW -j ACCEPT
-
-
-output-icmp:
- direction output
- protocol icmp
-
- # allow icmp output, such as pings
- rule -m state --state NEW -j ACCEPT
-
-
-input-icmp:
 direction input
diff --git a/level_3/firewall/data/settings/firewall-other b/level_3/firewall/data/settings/firewall-other
index 5009f2a..40d9ae6 100644
--- a/level_3/firewall/data/settings/firewall-other
+++ b/level_3/firewall/data/settings/firewall-other
@@ -1,5 +1,6 @@
 # fss-0002
+
 stop:
 action policy