File: 03_standard_chains.xml

pyroman 0.5.0~alpha1-3
<pyroman>
  <!-- Standard target chains. pyroman has three 'built in' chains that are
  used by the 'allow', 'drop' and 'reject' statements. 'allow' and 'drop'
  could be hardwired to the ACCEPT and DROP iptables targets, but keeping
  them as chains of their own can still be useful for statistics. -->
  <!-- Each parameter names the chain behind one statement.
  NOTE(review): presumably the magic '*accept*', '*drop*' and '*reject*'
  names used below resolve to these values; confirm against pyroman's
  parser. -->
  <param name="Firewall.accept" value="accept" />
  <param name="Firewall.drop" value="drop" />
  <param name="Firewall.reject" value="reject" />
  <!-- The 'reject' chain defined at the end of this file uses a more
  verbose reject for TCP connection attempts (a TCP reset), which plays
  more nicely with some services. -->
  <!-- The '*accept*' name is magic: it stands for the chain named by the
  variable Firewall.accept. The chain holds a single rule that accepts the
  packet. -->
  <chain name="*accept*" />
  <iptables chain="*accept*" filter="-j ACCEPT" />
  <!-- For just discarding packets; again magic, via Firewall.drop. DROP
  sends nothing back to the sender, so the peer only sees a timeout. -->
  <chain name="*drop*" />
  <iptables chain="*drop*" filter="-j DROP" />
  <!-- Rules for doing a pretty 'reject' (i.e. connection refused). Unlike
  DROP, REJECT answers the sender, which confirms that a host is present
  and produces outbound traffic; use 'drop' where that is not wanted. -->
  <chain name="*reject*" />
  <!-- Order matters here (assuming pyroman emits rules in document order;
  confirm): the TCP rule has to come first. The tcp-reset reject type is
  only valid together with '-p tcp', and REJECT ends rule traversal, so TCP
  packets never reach the generic rule below. -->
  <iptables chain="*reject*" filter="-p tcp -j REJECT --reject-with tcp-reset" />
  <!-- Fallback for every other protocol: with no reject-with option given,
  iptables answers with its default, ICMP port-unreachable. -->
  <iptables chain="*reject*" filter="-j REJECT" />
</pyroman>