author | netblue30 <netblue30@yahoo.com> | 2017-11-13 07:55:29 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-11-13 07:55:29 -0500 |
commit | 39a175d692bfa8514a649449c938afbc2c12dc6f (patch) | |
tree | 54796c70ee3cdcca3a0607e5c1d74269bd27913a /etc | |
parent | Add private-dev to qtox (diff) | |
cleanup
Diffstat (limited to 'etc')
-rw-r--r-- | etc/nolocal.net | 12 |
1 files changed, 11 insertions, 1 deletions
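--- a/etc/nolocal.net
+++ b/etc/nolocal.net
@@ -12,15 +12,25 @@
 #
 ###################################################################
 
-
+#allow all loopback traffic
 -A INPUT -i lo -j ACCEPT
+
+# no incoming connections
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# allow ping etc.
 -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
 -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
 -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
 
+# accept dns requests going out to a server on the local network
 -A OUTPUT -p udp --dport 53 -j ACCEPT
+
+# drop all local network traffic
 -A OUTPUT -d 192.168.0.0/16 -j DROP
 -A OUTPUT -d 10.0.0.0/8 -j DROP
 -A OUTPUT -d 172.16.0.0/12 -j DROP
+
+# drop multicast traffic
+-A OUTPUT -d 244.0.0.0/4 -j DROP
 COMMIT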
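Review bot: The new rule at new line 35 under "# drop multicast traffic" uses `244.0.0.0/4`, but the IPv4 multicast block is `224.0.0.0/4`; a /4 prefix starting at 244 normalizes to the reserved 240.0.0.0/4 range, so multicast traffic is not dropped at all and the comment above the rule is untrue. The line should read `-A OUTPUT -d 224.0.0.0/4 -j DROP`. Separately, the "# drop all local network traffic" group covers the three RFC 1918 ranges but not link-local `169.254.0.0/16`; whether that omission is intended cannot be told from this hunk. The new comment `# no incoming connections` sits above the RELATED,ESTABLISHED accept, which admits replies rather than refusing connections — the refusal comes from the chain policy outside this hunk — so a wording such as `# accept replies to connections the sandbox initiated` would describe that line more accurately.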