Diffstat (limited to 'etc/net/webserver.net')
-rw-r--r--etc/net/webserver.net29
1 files changed, 29 insertions, 0 deletions
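--- /dev/null
+++ b/etc/net/webserver.net
@@ -0,0 +1,29 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT DROP [0:0]
+
+###################################################################
+# Simple webserver filter
+#
+# Usage:
+# firejail --net=eth0 --ip=192.168.1.105 --netfilter=/etc/firejail/webserver.net /etc/init.d/apache2 start
+# firejail --net=eth0 --ip=192.168.1.105 --netfilter=/etc/firejail/webserver.net /etc/init.d/nginx start
+#
+###################################################################
+
+# allow webserver traffic
+-A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
+
+# allow incoming ping
+-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+-A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+
+# allow outgoing DNS
+-A OUTPUT -p udp --dport 53 -j ACCEPT
+-A INPUT -p udp --sport 53 -j ACCEPT
+
+COMMIT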
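Review bot: The DNS reply rule `-A INPUT -p udp --sport 53 -j ACCEPT` is stateless, so it accepts any inbound UDP datagram whose source port happens to be 53, to any destination port on the sandboxed host, which undermines the default INPUT DROP policy for UDP services. The HTTP/HTTPS rules in the same file already use the conntrack state match, so the DNS pair should be written the same way: `-A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT` and `-A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT`, so only replies to queries the sandbox itself sent are admitted. The ICMP pair is likewise stateless, but since it is restricted to echo-request/echo-reply its exposure is much smaller; it could be tightened with a rate limit if the web server is Internet-facing. The header comment might also note that the file is in iptables-restore format and that the three chain policies default to DROP, since that is the property every later rule relies on.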