Ferm
# install the ferm package from the distribution repositories (Debian-family; run as root)
~# aptitude install ferm
Beispielkonfiguration:
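/etc/ferm# cat ferm.conf
# ferm rules generated by import-ferm
# http://ferm.foo-projects.org/
#
# Scope: only "domain ip" (iptables) is declared below. This file does not
# touch ip6tables, so nothing here restricts IPv6 traffic on the host.

# Load the FTP connection-tracking helper so FTP data channels are tracked
# as RELATED by the state rules below. The NAT counterpart stays disabled.
hook pre "modprobe nf_conntrack_ftp";
#hook pre "modprobe nf_nat_ftp";

domain ip {
    table filter {
        chain INPUT {
            policy DROP;
            ACCEPT {
                # packets of already tracked connections, and loopback
                mod state state (RELATED ESTABLISHED);
                interface lo;
                # ICMP plus IPsec: ESP, AH and IKE on udp/500
                protocol (icmp esp ah);
                protocol udp dport 500;
                protocol tcp {
                    dport (http smtp);
                    # ssh: roughly 10 packets per minute per source address
                    # (plus the module's default burst); anything above that
                    # falls through to the LOG/REJECT rules below
                    dport ssh mod hashlimit hashlimit 10/min hashlimit-mode srcip hashlimit-name ssh;
                }
            }
            # Rate-limit the log rule so a flood of rejected packets cannot
            # fill the log; the REJECT itself is not limited.
            mod limit limit 10/min LOG log-prefix "reject-in ";
            REJECT;
        }
        chain FORWARD {
            policy DROP;
            REJECT;
        }
        chain OUTPUT {
            policy DROP;
            ACCEPT {
                mod state state (RELATED ESTABLISHED);
                outerface lo;
                # DNS only to this one address (presumably the site resolver)
                protocol udp dport domain daddr 192.168.4.100;
                # any other locally generated packet only from these users
                mod owner uid-owner (root rico);
            }
            # Same rate limit as INPUT. The trailing space keeps the prefix
            # separated from the "IN=" field that the kernel appends.
            mod limit limit 10/min LOG log-prefix "reject-out ";
            REJECT;
        }
    }
    table nat {
        chain POSTROUTING {
            policy ACCEPT;
            # masquerade only packets carrying mark 0x25 (set in mangle/OUTPUT below)
            mod mark mark 0x25 MASQUERADE;
        }
        chain INPUT policy ACCEPT;
        chain OUTPUT policy ACCEPT;
        chain PREROUTING policy ACCEPT;
    }
    table mangle {
        chain OUTPUT {
            policy ACCEPT;
            # tag locally generated smtp so nat/POSTROUTING can masquerade it
            protocol tcp dport 25 MARK set-xmark 0x25/0xffffffff;
        }
        chain FORWARD policy ACCEPT;
        chain INPUT policy ACCEPT;
        chain PREROUTING policy ACCEPT;
        chain POSTROUTING policy ACCEPT;
    }
}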