diff options
Diffstat (limited to 'test/fnetfilter/test1.net')
| -rw-r--r-- | test/fnetfilter/test1.net | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/test/fnetfilter/test1.net b/test/fnetfilter/test1.net new file mode 100644 index 000000000..59bef1443 --- /dev/null +++ b/test/fnetfilter/test1.net | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | *filter | ||
| 2 | # test2 | ||
| 3 | :INPUT DROP [0:0] | ||
| 4 | :FORWARD DROP [0:0] | ||
| 5 | :OUTPUT ACCEPT [0:0] | ||
| 6 | -A INPUT -i lo -j ACCEPT | ||
| 7 | -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
| 8 | # echo replay is handled by -m state RELATED/ESTABLISHED above | ||
| 9 | #-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT | ||
| 10 | -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT | ||
| 11 | -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT | ||
| 12 | -A INPUT -p icmp --icmp-type echo-request -j ACCEPT | ||
| 13 | # disable STUN | ||
| 14 | -A OUTPUT -p udp --dport 3478 -j DROP | ||
| 15 | -A OUTPUT -p udp --dport 3479 -j DROP | ||
| 16 | -A OUTPUT -p tcp --dport 3478 -j DROP | ||
| 17 | -A OUTPUT -p tcp --dport 3479 -j DROP | ||
| 18 | COMMIT | ||
| 19 | |||