let's see if this works

[dsa-puppet.git] / modules / ferm / files / ferm.conf

diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index 6cd911f986aa7f9e5b1b5ef377c4a67031146d91..e001d650a1f497ab56cdda5b3fc1ff49d02d85cf 100644 (file)
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -1,19 +1,18 @@
-# include some ferm definitions, useful for adding function to abstract stuff
-@include 'defs.conf';
+# -*- shell-script -*-
+#
+#  Configuration file for ferm(1).
+#
+
+include "conf.d/me.conf";
 
-# a simple default and fairly secure policy
 domain (ip ip6) {
-       chain INPUT {
-               policy DROP;
-               mod state state (ESTABLISHED RELATED) ACCEPT;
-               interface lo ACCEPT;
-               proto tcp mod state state NEW !syn DROP;
-               proto icmp ACCEPT;
-       }
+       chain INPUT {
+               policy DROP;
+               mod state state (ESTABLISHED RELATED) ACCEPT;
+               interface lo ACCEPT;
+               mod state state (INVALID) DROP;
+               proto icmp ACCEPT;
+       }
 }
 
-# per-host configuration
-@include 'conf.d/';
-
-# managed via puppet
-@include 'dsa.d/';
+include "dsa.d/*";