migration and cleanup from legacy repos
This commit is contained in:
20
mtpconfigs/ovh/shared-router/shorewall/policy
Executable file
20
mtpconfigs/ovh/shared-router/shorewall/policy
Executable file
@@ -0,0 +1,20 @@
|
||||
#SOURCE ZONE DESTINATION ZONE POLICY LOG LIMIT:BURST
|
||||
# LEVEL
|
||||
#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA
|
||||
$FW wan ACCEPT
|
||||
|
||||
#Road warrior is trusted. It serves as an extension of the mgmt net.
|
||||
vpnrwr all ACCEPT
|
||||
|
||||
#Anything transisting the vpn link between ausprod-core-rtr01 and tsys-rtr has already been passed firewall rules and IPS inspection.
|
||||
#Otherwise I wouldn't allow this
|
||||
vpnauslab all ACCEPT
|
||||
|
||||
#Drop everything inbound from the big bad world that isn't explicitly allowed.
|
||||
#Cause the net is where the NSA lives
|
||||
wan all DROP
|
||||
|
||||
#Drop everything that isn't explicitly allowed.
|
||||
#Make explicit rules for everything yo. The NSA says you should. Duh.
|
||||
# #state-sponsored-malware #stuxnet-was-an-inside-job
|
||||
all all REJECT info
|
||||
Reference in New Issue
Block a user