move to archive, cleaning up for golive

2018-01-24 18:30:48 -06:00
parent 5f1be2380c
commit c1f552b269
92 changed files with 600 additions and 0 deletions
--- a/archive/mtpconfigs/ovh/shared-router/shorewall/policy
+++ b/archive/mtpconfigs/ovh/shared-router/shorewall/policy
@@ -0,0 +1,20 @@
+#SOURCE ZONE     DESTINATION ZONE    POLICY     LOG     LIMIT:BURST
+#                                               LEVEL
+#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA
+$FW		wan		         ACCEPT
+
+#Road warrior is trusted. It serves as an extension of the mgmt net. 
+vpnrwr 		all		 ACCEPT
+
+#Anything transisting the vpn link between ausprod-core-rtr01 and tsys-rtr has already been passed firewall rules and IPS inspection.
+#Otherwise I wouldn't allow this
+vpnauslab 	all		 ACCEPT
+
+#Drop everything inbound from the big bad world that isn't explicitly allowed. 
+#Cause the net is where the NSA lives
+wan              all                 DROP
+
+#Drop everything that isn't explicitly allowed. 
+#Make explicit rules for everything yo. The NSA says you should.  Duh. 
+# #state-sponsored-malware #stuxnet-was-an-inside-job
+all 		all			 REJECT info