author | netblue30 <netblue30@yahoo.com> | 2017-11-18 08:39:02 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-11-18 08:39:02 -0500 |
commit | ead4ec3089b97eda1b438da248caf76f169345ad (patch) | |
tree | 31bc22bcba4e6530b5f0daba3f332702efa7a4b9 /test/fnetfilter/test1.net | |
parent | Consistent home directory nomenclature (diff) | |
netfilter template support
Diffstat (limited to 'test/fnetfilter/test1.net')
-rw-r--r-- | test/fnetfilter/test1.net | 19 |
1 files changed, 19 insertions, 0 deletions
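diff --git a/test/fnetfilter/test1.net b/test/fnetfilter/test1.net
new file mode 100644
index 000000000..59bef1443
--- /dev/null
+++ b/test/fnetfilter/test1.net
@@ -0,0 +1,19 @@
+*filter
+# test2
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# echo replay is handled by -m state RELATED/ESTABLISHED above
+#-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
+-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
+-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
+-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+# disable STUN
+-A OUTPUT -p udp --dport 3478 -j DROP
+-A OUTPUT -p udp --dport 3479 -j DROP
+-A OUTPUT -p tcp --dport 3478 -j DROP
+-A OUTPUT -p tcp --dport 3479 -j DROP
+COMMIT
+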
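Review bot: The `# disable STUN` comment above the four OUTPUT rules (file lines 13-17) promises more than they deliver. Only destination ports 3478 and 3479 are dropped, and the OUTPUT policy is ACCEPT, so STUN over TLS on 5349 or a server on any other port still passes. Anyone copying this fixture as a filter template should not read it as an address-leak control, so I would reword the comment to `# drop STUN on its default ports 3478/3479 only; 5349 and non-standard ports still pass`. Two smaller comment points, provided the test scripts do not match on comment text: the marker `# test2` sits in `test1.net`, and `echo replay` on file line 8 should read `echo reply`.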