From: Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
---
configs/system/ip6tables-template.conf.erb | 40 ++++++++++++++++++++++++++++
1 files changed, 40 insertions(+), 0 deletions(-)
create mode 100644 configs/system/ip6tables-template.conf.erb
diff --git a/configs/system/ip6tables-template.conf.erb b/configs/system/ip6tables-template.conf.erb
new file mode 100644
index 0000000..e0a0efc
--- /dev/null
+++ b/configs/system/ip6tables-template.conf.erb
@@ -0,0 +1,40 @@
+# Firewall configuration written by system-config-securitylevel
+# Manual customization of this file is not recommended.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:RH-Firewall-1-INPUT - [0:0]
+-A INPUT -j RH-Firewall-1-INPUT
+-A FORWARD -j RH-Firewall-1-INPUT
+
+# loopback allowed
+-A RH-Firewall-1-INPUT -i lo -j ACCEPT
+
+# Accept ping and traceroute (needs icmp)
+-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
+
+# Accept IPv6 packets at all
+-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
+-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
+
+# Accept SSH
+-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
+
+# Custom Services
+<% custom.each do |cust| -%>
+<%= cust %>
+<% end -%>
+
+# Services TCP
+<% tcpPorts.each do |port| -%>
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport <%= port %> -j ACCEPT
+<% end -%>
+
+# Services UDP
+<% udpPorts.each do |port| -%>
+-A RH-Firewall-1-INPUT -p udp -m udp --dport <%= port %> -j ACCEPT
+<% end -%>
+
+-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT
--
1.5.5.6
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
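Review bot: Nothing in RH-Firewall-1-INPUT accepts return traffic, so unless an entry in `custom` supplies such a rule, replies to connections the host itself opens over IPv6 (DNS answers, outbound TCP) fall through to the final `REJECT`. Where the target kernels have IPv6 connection tracking, a line such as `-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` ahead of the service rules would close that gap without opening port ranges. The comment `# Accept IPv6 packets at all` sits above `-p 50` and `-p 51`, which are ESP and AH, so it should read `# Accept IPsec ESP (50) and AH (51)`. Likewise `-p icmpv6 -j ACCEPT` admits every ICMPv6 type, not only the ping and traceroute its comment names. Each `custom` entry is emitted verbatim ahead of the `REJECT`, so a header comment stating that entries must be complete `-A RH-Firewall-1-INPUT ...` rules would help whoever sets that variable.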