Diffstat (limited to 'test/fnetfilter/test1.net')
-rw-r--r-- | test/fnetfilter/test1.net | 19 |
1 files changed, 19 insertions, 0 deletions
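diff --git a/test/fnetfilter/test1.net b/test/fnetfilter/test1.net
new file mode 100644
index 000000000..59bef1443
--- /dev/null
+++ b/test/fnetfilter/test1.net
@@ -0,0 +1,19 @@
+*filter
+# test2
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# echo replay is handled by -m state RELATED/ESTABLISHED above
+#-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
+-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
+-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
+-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+# disable STUN
+-A OUTPUT -p udp --dport 3478 -j DROP
+-A OUTPUT -p udp --dport 3479 -j DROP
+-A OUTPUT -p tcp --dport 3478 -j DROP
+-A OUTPUT -p tcp --dport 3479 -j DROP
+COMMIT
+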
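Review bot: The `# disable STUN` comment on line 13 overstates what the four OUTPUT rules do: they drop only destination ports 3478 and 3479, so STUN/TURN over TLS on its default port 5349, or a server on any non-default port, still passes under the `:OUTPUT ACCEPT` policy. If the fixture is meant to mirror a shipped filter, the comment would be more accurate as `# drop STUN on its default ports 3478/3479 only`. The header comment `# test2` on line 2 does not match the file name test1.net, which may confuse anyone reading test output that echoes the file; `# test1` looks like the intended text. The comment on line 8 also has a typo, `echo replay` for `echo reply`.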