git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ferm/files/ferm.conf
ff458597e4f574f4c9a717d0ce4b1a5fb1cfb8ea
1 ##
2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
3 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
4 ##
5
6 # -*- shell-script -*-
7
8 @include 'conf.d/';  # trailing slash: ferm reads every file in this directory; their contents are not shown here
9
10 domain (ip ip6) {
           # Base host firewall, written once and applied to both the IPv4 (ip)
           # and IPv6 (ip6) rule sets: default-deny INPUT plus two helper chains
           # for rate-limited logging of refused traffic.
           # NOTE(review): iptables-extensions documents ULOG as IPv4-only; confirm
           # the ip6 half of this domain actually loads, or whether NFLOG is needed.
11         table filter {
                 # Log the packet with a "REJECT: " prefix, then refuse it actively:
                 # TCP gets a reset, everything else the default REJECT response.
12               chain log_and_reject {
13                       ULOG ulog-prefix "REJECT: ";
14                       proto tcp REJECT reject-with tcp-reset;
15                       REJECT;
16               }
17         
                 # Rate-limited front end to log_and_reject. Limits are tracked per
                 # source address (hashlimit-mode srcip), so one noisy host cannot
                 # flood the log or draw unlimited reject responses.
                 # Neither helper chain is referenced in this file; presumably the
                 # included rule files jump to them - confirm.
18               chain log_or_drop {
                         # Within 15/second (burst 30) per source: log and reject.
19                       mod hashlimit hashlimit-name ulogreject  hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject;
                         # Over the first limit: still log with a "DROP: " prefix, under
                         # a separate bucket with the same rate, but send no response.
20                       mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second ULOG ulog-prefix "DROP: ";
                         # Over both limits: drop silently, without a log entry.
21                       DROP;
22               }
23               chain INPUT {
                         # Default deny: anything not accepted below, or by rules
                         # added elsewhere, is dropped.
24                       policy DROP;
                         # Replies to, and traffic related to, existing connections.
25                       mod state state (ESTABLISHED RELATED) ACCEPT;
26                       interface lo ACCEPT;
                         # Accepts every ICMP type, with no type filter or rate limit.
                         # NOTE(review): "icmp" is the IPv4 protocol; ICMPv6 is
                         # "ipv6-icmp". In the ip6 domain this rule likely does not
                         # admit neighbour discovery or packet-too-big messages -
                         # confirm they are accepted in one of the included files.
27                       proto icmp ACCEPT;
                         # Packets that conntrack cannot associate with a valid state.
                         # This sits after the ICMP accept, so INVALID ICMP is already
                         # accepted above; the rule only affects rules that follow it.
28                       mod state state (INVALID) DROP;
29               }
30         }
31 }
32
33 @include 'dsa.d/';  # read after the base chains above; presumably the site rules that open services - not visible here, confirm