X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fferm%2Ffiles%2Fferm.conf;h=d25d1b4f5c2c24730fe081162b8b67dbf1867a0b;hb=95dcdb4730b139b8d35e701a869b27eaebe68bd4;hp=6cd911f986aa7f9e5b1b5ef377c4a67031146d91;hpb=37c25196ed4a77a0668117354622e6740659359e;p=dsa-puppet.git
diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index 6cd911f9..d25d1b4f 100644
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -1,19 +1,18 @@
-# include some ferm definitions, useful for adding function to abstract stuff
-@include 'defs.conf';
+# -*- shell-script -*-
+#
+# Configuration file for ferm(1).
+#
+
+@include 'conf.d/';
-# a simple default and fairly secure policy
 domain (ip ip6) {
- chain INPUT {
- policy DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
- interface lo ACCEPT;
- proto tcp mod state state NEW !syn DROP;
- proto icmp ACCEPT;
- }
+ chain INPUT {
+ policy DROP;
+ mod state state (ESTABLISHED RELATED) ACCEPT;
+ interface lo ACCEPT;
+ proto icmp ACCEPT;
+ proto mod state state (INVALID) DROP;
+ }
 }
-# per-host configuration
-@include 'conf.d/';
-
-# managed via puppet
 @include 'dsa.d/';
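Review bot: In the new INPUT chain, `proto mod state state (INVALID) DROP;` has no protocol name after `proto`, so as shown ferm would take `mod` as the protocol value and the rule would either fail to parse or not match what was intended; if the aim is to drop every INVALID packet it should read `mod state state INVALID DROP;`. That drop also sits after `proto icmp ACCEPT;`, so ICMP packets that conntrack marks INVALID are accepted first; placing the INVALID rule directly after the ESTABLISHED/RELATED accept would avoid that. The removed `proto tcp mod state state NEW !syn DROP;` is not equivalent to an INVALID drop, because conntrack can classify a non-SYN TCP packet as NEW, so the port accepts under `dsa.d/` and `conf.d/` should be checked to confirm they match on `syn` themselves. Separately, `proto icmp` inside `domain (ip ip6)` presumably does not cover ICMPv6 (`ipv6-icmp`), so with `policy DROP` IPv6 neighbour discovery would depend on a rule in one of the included directories, which this hunk does not show.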