domain (ip ip6) {
table filter {
- chain log_and_reject {
- ULOG ulog-prefix "REJECT: ";
- proto tcp REJECT reject-with tcp-reset;
- REJECT;
- }
+ chain log_and_reject {
+ ULOG ulog-prefix "REJECT: ";
+ proto tcp REJECT reject-with tcp-reset;
+ REJECT;
+ }
- chain log_or_drop {
- mod hashlimit hashlimit-name ulogreject hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject;
- mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second ULOG ulog-prefix "DROP: ";
- DROP;
- }
-}
-
-domain (ip ip6) {
- chain INPUT {
- policy DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
- interface lo ACCEPT;
- proto icmp ACCEPT;
- mod state state (INVALID) DROP;
- }
+ chain log_or_drop {
+ mod hashlimit hashlimit-name ulogreject hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject;
+ mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second ULOG ulog-prefix "DROP: ";
+ DROP;
+ }
+ chain INPUT {
+ policy DROP;
+ mod state state (ESTABLISHED RELATED) ACCEPT;
+ interface lo ACCEPT;
+ proto icmp ACCEPT;
+ mod state state (INVALID) DROP;
+ }
+ }
}
@include 'dsa.d/';
projects / dsa-puppet.git / commitdiff