PC World Komputer 2010 April

home *** CD-ROM | disk | FTP | other *** search

/ PC World Komputer 2010 April / PCWorld0410.iso / hity wydania / Ubuntu 9.10 PL / karmelkowy-koliberek-desktop-9.10-i386-PL.iso / casper / filesystem.squashfs / etc / ufw / before6.rules < prev next >

Wrap

Text File | 2009-09-23 | 2KB | 55 lines

# # rules.before # # Rules that should be run before the ufw command line added rules. Custom # rules should be added to one of these chains: # ufw6-before-input # ufw6-before-output # ufw6-before-forward # # Don't delete these required lines, otherwise there will be errors *filter :ufw6-before-input - [0:0] :ufw6-before-output - [0:0] :ufw6-before-forward - [0:0] # End required lines # allow all on loopback -A ufw6-before-input -i lo -j ACCEPT -A ufw6-before-output -o lo -j ACCEPT # for stateless autoconfiguration (restrict NDP messages to hop limit of 255) -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT # quickly process packets for which we already have a connection -A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT -A ufw6-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT # drop INVALID packets (logs these in loglevel medium and higher) -A ufw6-before-input -m state --state INVALID -j ufw6-logging-deny -A ufw6-before-input -m state --state INVALID -j DROP # ok icmp codes -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT # allow dhcp client to work -A ufw6-before-input -p udp --sport 67 --dport 68 -j ACCEPT # allow MULTICAST -A ufw6-before-input -p icmpv6 -s ff00::1/8 -j ACCEPT -A ufw6-before-input -p icmpv6 -d ff00::1/8 -j ACCEPT -A ufw6-before-input -p icmpv6 -s ff00::2/8 -j ACCEPT -A ufw6-before-input -p icmpv6 -d ff00::2/8 -j ACCEPT # don't delete the 'COMMIT' line or these rules won't be processed COMMIT