# -*- shell-script -*-
#
# Ferm example script
#
# Firewall configuration for a workstation which accepts remote ssh login.
#
# Author: Max Kellermann
#
# Summary of the ruleset below: inbound traffic is default-deny with
# explicit accepts for loopback, ICMP echo-request, SSH and ident;
# outbound traffic is unrestricted; forwarding is disabled.
#
# NOTE(review): no "domain" is set, so ferm applies these rules to its
# default domain (ip, i.e. IPv4 via iptables). Nothing in this file
# filters IPv6 -- confirm that ip6tables is configured separately if the
# host has IPv6 connectivity.
#

table filter {
    chain INPUT {
        # default-deny: any packet not matched by a rule below is dropped
        policy DROP;

        # connection tracking: discard packets the state machine cannot
        # classify, then accept traffic that belongs to (or is related to)
        # a connection which was already allowed
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # allow local connections (everything arriving on the loopback
        # interface)
        interface lo ACCEPT;

        # respond to ping; only echo-request is accepted here, other ICMP
        # types reach the host only via the RELATED match above
        proto icmp icmp-type echo-request ACCEPT;

        # allow SSH connections
        # NOTE(review): accepted from any source address, with no rate
        # limit in this file; protection against password guessing has to
        # come from sshd itself (e.g. key-only authentication) or from a
        # source-address restriction added to this rule.
        proto tcp dport ssh ACCEPT;

        # ident connections are also allowed ("auth" is the service name
        # for tcp/113)
        # NOTE(review): confirm an ident daemon is really needed on this
        # workstation; if not, this rule only widens the exposed surface.
        proto tcp dport auth ACCEPT;

        # the rest is dropped by the above policy
    }

    # outgoing connections are not limited (no egress filtering: every
    # locally generated packet is accepted)
    chain OUTPUT policy ACCEPT;

    # this is not a router: nothing is forwarded between interfaces
    chain FORWARD policy DROP;
}