hostcfg / culturestrings

Clone
Source Code
GIT

Blame public/fs/etc/firehol/firehol.conf

main
  1.   0f11a66864ce98a8a9a58af382bd8efbff471f22
  2.   public
  3.   fs
  4.   etc
  5.   firehol
  6.   firehol.conf
Blob History Raw
root@culturestrings 30ef80 
# Firewall configuration.
root@culturestrings 30ef80 
# This is actually a bash script.
root@culturestrings 30ef80
root@culturestrings 30ef80 
version 6
root@culturestrings 30ef80 
tcpmss auto
root@culturestrings 30ef80
root@culturestrings 30ef80 
###
root@culturestrings 30ef80 
# ipsets to block known malicious hosts -- http://iplists.firehol.org/
root@culturestrings 30ef80 
# updated automatically using update-ipsets (systemd timer)
root@culturestrings 30ef80 
###
root@culturestrings 30ef80
root@culturestrings 30ef80 
ipv4 ipset create   firehol_level1 hash:net
root@culturestrings 30ef80 
ipv4 ipset addfile  firehol_level1 ipsets/firehol_level1.netset
root@culturestrings 30ef80
root@culturestrings 30ef80 
ipv4 ipset create   firehol_level2 hash:net
root@culturestrings 30ef80 
ipv4 ipset addfile  firehol_level2 ipsets/firehol_level2.netset
root@culturestrings 30ef80
root@culturestrings 30ef80 
ipv4 blacklist full ipset:firehol_level1 ipset:firehol_level2
root@culturestrings 30ef80
root@culturestrings 30ef80
root@culturestrings 30ef80 
###
root@culturestrings 30ef80 
# services
root@culturestrings 30ef80 
###
root@culturestrings 30ef80
root@culturestrings 30ef80 
source /root/config/private/fs/etc/server.ports
root@culturestrings 30ef80
root@culturestrings 30ef80 
server_ssh_ports="tcp/$ssh_port"
root@culturestrings 30ef80 
client_ssh_ports="default"
root@culturestrings 30ef80
root@culturestrings 30ef80 
server_openvpn_ports="udp/$vpn_port"
root@culturestrings 30ef80 
client_openvpn_ports="default"
root@culturestrings 30ef80
root@culturestrings 30ef80 
server_git_ports="tcp/9418"
root@culturestrings 30ef80 
client_git_ports="default"
root@culturestrings 30ef80
root@culturestrings 30ef80 
server_mosh_ports="udp/60000:61000"
root@culturestrings 30ef80 
client_mosh_ports="default"
root@culturestrings 30ef80
root@culturestrings 30ef80 
server_qemu_ports="tcp/9001"
root@culturestrings 30ef80 
client_qemu_ports="default"
root@culturestrings 30ef80
root@culturestrings 30ef80 
server_znc_ports="tcp/9951"
root@culturestrings 30ef80 
client_znc_ports="default"
root@culturestrings 30ef80
root@culturestrings 30ef80 
server_nfslow_ports="tcp/111"
root@culturestrings 30ef80 
client_nfslow_ports="default"
root@culturestrings 30ef80
root@culturestrings 30ef80 
server_nfshigh_ports="tcp/2049"
root@culturestrings 30ef80 
client_nfshigh_ports="default"
root@culturestrings 30ef80
root@culturestrings 30ef80
root@culturestrings 30ef80 
# ipv6
root@culturestrings 30ef80 
ipv6 interface any v6interop proto icmpv6
root@culturestrings 30ef80 
    policy accept
root@culturestrings 30ef80
root@culturestrings 30ef80
root@culturestrings 30ef80 
# world
root@culturestrings 30ef80 
interface eth0 world
root@culturestrings 30ef80 
    protection strong
root@culturestrings 30ef80 
    policy     drop
root@culturestrings 30ef80
root@culturestrings 30ef80 
    server ssh          accept
root@culturestrings 30ef80 
    server openvpn      accept
root@culturestrings 30ef80 
    server ping         accept
root@culturestrings 30ef80 
    server git          accept
root@culturestrings 30ef80
root@culturestrings 30ef80 
    server http         accept
root@culturestrings 30ef80 
    server https        accept
root@culturestrings 30ef80
root@culturestrings 30ef80 
    server smtp         accept
root@culturestrings 30ef80 
    server smtps        accept
root@culturestrings 30ef80
root@culturestrings 30ef80 
    server nfslow       accept
root@culturestrings 30ef80 
    server nfshigh      accept
root@culturestrings 30ef80
root@culturestrings 30ef80 
    server qemu         accept src localhost
root@culturestrings 30ef80 
    server mosh         accept src localhost
root@culturestrings 30ef80 
    server znc          accept src localhost
root@culturestrings 30ef80
root@culturestrings 30ef80 
    client all          accept
root@culturestrings 30ef80
root@culturestrings 30ef80
root@culturestrings 30ef80 
# openvpn
root@culturestrings 30ef80 
interface  tun0 openvpn
root@culturestrings 30ef80 
    policy accept
root@culturestrings 30ef80
root@culturestrings 30ef80
root@culturestrings 30ef80 
router4 ipv4vpn inface tun0 outface eth0
root@culturestrings 30ef80 
        masquerade
root@culturestrings 30ef80 
        route  all accept
root@culturestrings 30ef80 
        client all accept
root@culturestrings 30ef80 
        server all accept
root@culturestrings 30ef80
root@culturestrings 30ef80
root@culturestrings 30ef80 
router6 ipv6vpn inface tun0 outface eth0
root@culturestrings 30ef80 
        route  all accept
root@culturestrings 30ef80 
        client all accept
root@culturestrings 30ef80 
        server all accept

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation | About

© Red Hat, Inc. and others.