#
# Shorewall version 4.0 - Sample Rules File for two-interface configuration.
# Copyright (C) 2006,2007 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-rules"
#
# The manpage is also online at 
# http://shorewall.net/manpages/shorewall-rules.html
#
# Site-specific rules for a two-interface firewall (zones: $FW, loc, net).
# Shorewall processes these entries in order; the first matching entry decides
# a connection, so broad rules placed late (see the final ACCEPT below) can
# make earlier, narrower rules redundant. Entries of the form NAME/ACTION
# (DNS/ACCEPT, SSH/ACCEPT, ...) use Shorewall macros for the named service.
# Comments originally in Spanish have been translated to English.
#############################################################################################################
#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK
#							PORT	PORT(S)		DEST		LIMIT		GROUP
#
#	Accept DNS connections from the firewall to the network
#
DNS/ACCEPT	$FW		net
#
#	Accept SSH connections from the local network for administration
#
SSH/ACCEPT	loc		$FW
#
#	Allow Ping from the local network
#
Ping/ACCEPT	loc		$FW

#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#

Ping/DROP	net		$FW

# Let the firewall itself send ICMP to both zones.
ACCEPT		$FW		loc		icmp
ACCEPT		$FW		net		icmp
#

# Outbound web/DNS from the firewall host, and DNS from the LAN to the internet.
HTTP/ACCEPT	$FW	net
DNS/ACCEPT	loc	net
HTTPS/ACCEPT	$FW	net
# External SSH access (SSH daemon reachable from the net zone on tcp/4657).
# NOTE(review): this is open to any source on the internet and uses neither a
# SOURCE address restriction nor the RATE LIMIT column; a non-standard port
# does not by itself reduce exposure, so consider narrowing SOURCE to the
# administrators' addresses and/or adding a rate limit.
ACCEPT	net	$FW	tcp	4657

# VPN (PPTP: tcp/1723 plus GRE) - currently disabled.
#ACCEPT	net	$FW	tcp	1723
#ACCEPT	net	$FW	47
#ACCEPT	$FW	net	47
#ACCEPT	$FW	net	gre	
#ACCEPT	net	$FW	tcp	1723

# NTP from the firewall to the internet.
ACCEPT	$FW	net	udp	ntp

# Duplicate of the NTP rule two lines above; harmless, but can be removed.
ACCEPT	$FW	net	udp	ntp
# Transparent redirection of LAN web traffic (tcp/www) to local port 3128,
# presumably a caching proxy listening on the firewall - confirm.
REDIRECT	loc	3128	tcp	www
# Direct (non-transparent) access to the same proxy port from the LAN.
ACCEPT	loc	$FW	tcp	3128
# Mail services offered by the firewall host to the LAN.
ACCEPT	loc	$FW	tcp	pop3
ACCEPT	loc	$FW	tcp	smtp
# DNS served by the firewall host to the LAN.
ACCEPT	loc	$FW	tcp	domain
ACCEPT	loc	$FW	udp	domain
# NetBIOS name/datagram/session service (137-139) from the LAN to the firewall.
ACCEPT	loc	$FW	tcp	137
ACCEPT	loc	$FW	tcp	138
ACCEPT	loc	$FW	tcp	139
ACCEPT	loc	$FW	udp	137
ACCEPT	loc	$FW	udp	138
ACCEPT	loc	$FW	udp	139
# Webmin (tcp/10000, see the DNAT section below) from the LAN only.
ACCEPT	loc	$FW	tcp	10000
# tcp/22 is already covered by SSH/ACCEPT loc $FW near the top; redundant.
ACCEPT	loc	$FW	tcp	22
#ACCEPT	loc	$FW	tcp	21
#ACCEPT	loc	$FW	udp	21
# FTP control connection from the LAN to the firewall (replaces the disabled
# numeric tcp/udp 21 entries above).
ACCEPT	loc	$FW	tcp	ftp
ACCEPT	loc	$FW	icmp	

# Port mapping for the recorder machine: net -> 192.168.2.18 tcp/4000.
DNAT	net	loc:192.168.2.18:4000	tcp	4000

# Webmin for cmg - forwarding from the net zone is disabled, so Webmin on
# 192.168.2.202 stays unreachable from the internet.

#DNAT	net	loc:192.168.2.202	tcp	10000
#DNAT	net	loc:192.168.2.202	udp	10000

# Port mapping for the VoIP router (192.168.2.250): SIP signalling on udp
# 5060/5061, three individual media ports, and tcp/8080.
# NOTE(review): "16384,16482,16383" is a list of three ports, not a range;
# if a contiguous RTP range was intended, Shorewall expresses it as low:high.
DNAT	net	loc:192.168.2.250	udp	5060,5061
DNAT	net	loc:192.168.2.250	udp	16384,16482,16383
DNAT	net	loc:192.168.2.250	tcp	8080
# The VoIP router may open outbound connections of any protocol to the net.
ACCEPT	loc:192.168.2.250	net	all
# Allow access to gmail smtp.
# NOTE(review): the comment says SMTP but the rule below is tcp/993 (IMAPS);
# the SMTP entries (tcp/465, tcp/25) appear further down.
ACCEPT	loc	net	tcp	993
# TODO: document what listens on 192.168.2.177 udp/51915 (tcp twin below).
DNAT	net	loc:192.168.2.177	udp	51915

# Allow FTP access for everyone.
# NOTE(review): udp/993 probably matches nothing, since IMAPS is TCP-only;
# the FTP rule is the tcp/21 entry that follows it.
ACCEPT	loc	net	udp	993
ACCEPT	loc	net	tcp	21

# Allow access to gmail.
# NOTE(review): udp/21 is likely a no-op (FTP control uses TCP); the gmail
# entries are the tcp/465 and tcp/25 rules below.
ACCEPT	loc	net	udp	21

ACCEPT	loc	net	tcp	465
ACCEPT	loc	net	tcp	25


# NOTE(review): SMTP is TCP-only, so udp/25 probably matches nothing.
ACCEPT	loc	net	udp	25
DNAT	net	loc:192.168.2.177	tcp	51915

# Catch-all: every TCP connection from the LAN to ANY zone, including $FW.
# NOTE(review): because DEST is "all", this exposes every TCP port on the
# firewall host to the LAN and makes the per-port loc -> $FW tcp rules above
# redundant. If the intent was only unrestricted outbound access, change DEST
# to "net" so the firewall host keeps its explicit per-service allow list.
ACCEPT	loc	all	tcp

#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE