/usr/share/fwbuilder-5.1.0.3599/configlets/secuwall/management_rules is in fwbuilder-common 5.1.0-4.

This file is owned by root:root, with mode 0o644.

## -*- mode: shell-script; -*-
##

{{if has_secuwall_mgmt_mgmtaddr}}
# SSH administration of the firewall host itself.
# Only the configured management stations/networks may open tcp/22;
# the OUTPUT rule admits replies only, never a firewall-initiated SSH
# session. This is a source-address filter -- sshd's own authentication
# still gates who actually gets a shell.
for mgmt_station in {{$secuwall_mgmt_mgmtaddr}} ; do
  # inbound: new and existing SSH sessions from this station
  {{$begin_rule}} INPUT -s "${mgmt_station}" -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  # outbound: reply packets of those sessions
  {{$begin_rule}} OUTPUT -d "${mgmt_station}" -p tcp -m tcp --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
done
{{endif}}

{{if has_secuwall_mgmt_loggingaddr}}
# Remote logging: syslog from the firewall to each configured loghost.
# Both udp/514 (fire-and-forget, so no reply rule) and tcp/514 (reply
# packets admitted on INPUT) are opened. Port 514 syslog is cleartext;
# the loghosts are expected to sit on a trusted management path.
for syslog_server in {{$secuwall_mgmt_loggingaddr}} ; do
  # udp syslog: outbound only
  {{$begin_rule}} OUTPUT -d "${syslog_server}" -p udp -m udp --dport 514 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  # tcp syslog: outbound connection plus its return traffic
  {{$begin_rule}} OUTPUT -d "${syslog_server}" -p tcp -m tcp --dport 514 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  {{$begin_rule}} INPUT -s "${syslog_server}" -p tcp -m tcp --sport 514 -m state --state ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
done
{{endif}}

{{if has_secuwall_mgmt_ntpaddr}}
# Time synchronisation: the firewall polls each configured NTP server.
# Inbound is limited to ESTABLISHED,RELATED, so an unsolicited udp/123
# datagram with a forged source does not match.
for time_server in {{$secuwall_mgmt_ntpaddr}} ; do
  # outbound NTP query
  {{$begin_rule}} OUTPUT -d "${time_server}" -p udp -m udp --dport 123 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  # the matching NTP response
  {{$begin_rule}} INPUT -s "${time_server}" -p udp -m udp --sport 123 -m state --state ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
done
{{endif}}

{{if has_secuwall_mgmt_snmpaddr}}
# SNMP monitoring of the firewall by the configured management stations.
# Polls arrive on udp/161 and are answered from it; traps leave towards
# udp/162 and get no reply rule. NOTE(review): the INPUT rule accepts
# NEW udp/161 datagrams on source address alone -- UDP sources can be
# forged, so this does not replace community/USM authentication in snmpd.
for snmp_manager in {{$secuwall_mgmt_snmpaddr}} ; do
  # inbound poll and its answer
  {{$begin_rule}} INPUT -s "${snmp_manager}" -p udp -m udp --dport 161 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  {{$begin_rule}} OUTPUT -d "${snmp_manager}" -p udp -m udp --sport 161 -m state --state ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  # outbound trap
  {{$begin_rule}} OUTPUT -d "${snmp_manager}" -p udp -m udp --dport 162 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
done
{{endif}}

{{if has_secuwall_mgmt_nagiosaddr}}
# Nagios NRPE: the configured monitoring hosts may connect to the NRPE
# agent on tcp/5666; OUTPUT only carries the replies of those sessions.
for nrpe_client in {{$secuwall_mgmt_nagiosaddr}} ; do
  # inbound NRPE check connection
  {{$begin_rule}} INPUT -s "${nrpe_client}" -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  # its return traffic
  {{$begin_rule}} OUTPUT -d "${nrpe_client}" -p tcp -m tcp --sport 5666 -m state --state ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
done
{{endif}}

# Resolver access for the firewall host itself (udp and tcp port 53).
# The guard keys off srv1 only; srv2 and srv3 are appended to the loop
# unconditionally and presumably expand to nothing when unset -- confirm
# in the configlet engine. Inbound is limited to ESTABLISHED,RELATED.
{{if has_secuwall_dns_srv1}}
for resolver in {{$secuwall_dns_srv1}} {{$secuwall_dns_srv2}} {{$secuwall_dns_srv3}} ; do
  # udp query and its answer
  {{$begin_rule}} OUTPUT -d "${resolver}" -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  {{$begin_rule}} INPUT -s "${resolver}" -p udp -m udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  # tcp query (large answers / truncation fallback) and its return traffic
  {{$begin_rule}} OUTPUT -d "${resolver}" -p tcp -m tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
  {{$begin_rule}} INPUT -s "${resolver}" -p tcp -m tcp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT {{$end_rule}}
done
{{endif}}