LegacyTechops/mtpconfigs/ovh/shared-router/shorewall/policy

21 lines
910 B
Plaintext
Executable File

#SOURCE ZONE DESTINATION ZONE POLICY LOG LIMIT:BURST
# LEVEL
#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA
$FW wan ACCEPT
#Road warrior is trusted. It serves as an extension of the mgmt net.
vpnrwr all ACCEPT
#Anything transisting the vpn link between ausprod-core-rtr01 and tsys-rtr has already been passed firewall rules and IPS inspection.
#Otherwise I wouldn't allow this
vpnauslab all ACCEPT
#Drop everything inbound from the big bad world that isn't explicitly allowed.
#Cause the net is where the NSA lives
wan all DROP
#Drop everything that isn't explicitly allowed.
#Make explicit rules for everything yo. The NSA says you should. Duh.
# #state-sponsored-malware #stuxnet-was-an-inside-job
all all REJECT info