From ead4ec3089b97eda1b438da248caf76f169345ad Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 18 Nov 2017 08:39:02 -0500
Subject: netfilter template support
---
test/fnetfilter/test1.net | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 test/fnetfilter/test1.net
(limited to 'test/fnetfilter/test1.net')
diff --git a/test/fnetfilter/test1.net b/test/fnetfilter/test1.net
new file mode 100644
index 000000000..59bef1443
--- /dev/null
+++ b/test/fnetfilter/test1.net
@@ -0,0 +1,19 @@
+*filter
+# test2
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# echo replay is handled by -m state RELATED/ESTABLISHED above
+#-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
+-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
+-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
+-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+# disable STUN
+-A OUTPUT -p udp --dport 3478 -j DROP
+-A OUTPUT -p udp --dport 3479 -j DROP
+-A OUTPUT -p tcp --dport 3478 -j DROP
+-A OUTPUT -p tcp --dport 3479 -j DROP
+COMMIT
+
-- cgit v1.2.3-54-g00ecf
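Review bot: The `# disable STUN` rules at the end of the hunk drop only ports 3478 and 3479, so STUN/TURN over TLS on its default port 5349 still passes the `:OUTPUT ACCEPT` policy. Either add `-A OUTPUT -p udp --dport 5349 -j DROP` and `-A OUTPUT -p tcp --dport 5349 -j DROP`, or reword the comment to `# drop the default STUN ports 3478/3479` so it does not promise more than the rules enforce. The template is also an IPv4 `*filter` table (it uses `--icmp-type`), so nothing here constrains IPv6 traffic unless a matching ip6tables template is loaded; that is presumably handled elsewhere, but worth confirming. Two comment nits: `echo replay` should read `echo reply`, and the `# test2` marker sits in `test1.net`, which looks like a copy-paste slip unless the test script matches on that string.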