From 018d75775eab4a0f045949a9d069c57686ca2686 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 21 Apr 2020 08:24:28 -0400
Subject: reorganize github etc directory
---
 etc/net/tcpserver.net | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 etc/net/tcpserver.net
(limited to 'etc/net/tcpserver.net')
diff --git a/etc/net/tcpserver.net b/etc/net/tcpserver.net
new file mode 100644
index 000000000..9c39ee5fb
--- /dev/null
+++ b/etc/net/tcpserver.net
@@ -0,0 +1,27 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT DROP [0:0]
+
+###################################################################
+# Simple tcp filter template. $ARG1 is the port number.
+#
+# Usage: $ARG1 in this template is replaced by 5001 from command line below
+#
+# firejail --net=eth0 --ip=192.168.1.105 --netfilter=/etc/firejail/tcpserver.net,5001 server-program
+#
+###################################################################
+
+# allow server traffic
+-A INPUT -p tcp --dport $ARG1 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp --sport $ARG1 -m state --state ESTABLISHED -j ACCEPT
+
+# allow incoming ping
+-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+-A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+
+# allow outgoing DNS
+-A OUTPUT -p udp --dport 53 -j ACCEPT
+-A INPUT -p udp --sport 53 -j ACCEPT
+
+COMMIT
--
cgit v1.2.3-70-g09d2
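Review bot: The DNS reply rule `-A INPUT -p udp --sport 53 -j ACCEPT` is stateless, so any inbound UDP datagram whose source port happens to be 53 is accepted whether or not the sandbox sent a query; mirroring the tcp rules above it, `-A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT` restricts it to replies to the sandbox's own lookups. The header comment would also benefit from stating what is deliberately left out, since nothing in the template accepts loopback traffic or ICMP error messages (RELATED), which a server program may rely on; a line such as `# loopback and ICMP errors are not allowed; add rules if the server needs them` makes the strict default explicit. The usage line refers to `/etc/firejail/tcpserver.net` while the file is added under `etc/net/`; presumably the install step maps one to the other, but worth confirming so the example stays accurate after this reorganization.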