/lib/live/debconfig/0200-ferm is in live-debconfig 4.0~alpha31-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/bin/sh
## live-debconfig(7) - System Configuration Components
## Copyright (C) 2006-2013 Daniel Baumann <mail@daniel-baumann.ch>
##
## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
## This is free software, and you are welcome to redistribute it
## under certain conditions; see COPYING for details.
# Abort the script as soon as any command returns a non-zero status.
set -e
# Select live-debconfig's own systemrc; exported so child processes inherit it.
DEBCONF_SYSTEMRC="/var/lib/live/debconfig/systemrc"
export DEBCONF_SYSTEMRC
# Load the debconf shell bindings that provide the db_* helpers used below.
. /usr/share/debconf/confmodule
# Fetch the stored answer; the db_* helpers return their result in RET.
db_get live-debconfig/ferm/ipv4-ports
_IPV4_PORTS="${RET}" # string (w/ empty)
# Write the same value back and clear the "seen" flag before asking again
# (presumably so the question is offered on every run -- confirm).
db_set live-debconfig/ferm/ipv4-ports "${_IPV4_PORTS}"
db_fset live-debconfig/ferm/ipv4-ports seen false
db_settitle live-debconfig/title
# "|| true" keeps set -e from ending the script when db_input returns
# non-zero (presumably when the question is not displayed -- confirm).
db_input high live-debconfig/ferm/ipv4-ports || true
db_go
# Read the answer again after the dialog has run.
db_get live-debconfig/ferm/ipv4-ports
_IPV4_PORTS="${RET}" # string (w/ empty)
# NOTE(review): this value ends up in the INPUT chain's tcp dport list in
# /etc/ferm/ferm.conf; nothing in this section restricts its characters.
db_stop
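# Setup ferm
#
# Generates /etc/ferm/ferm.conf: INPUT and FORWARD default to DROP, OUTPUT
# defaults to ACCEPT, and the INPUT chain additionally accepts TCP on the
# ports held in _IPV4_PORTS.
#
# _IPV4_PORTS is a debconf answer and is copied verbatim into the ruleset,
# so it is checked first. Only port numbers, service names, ranges (a:b) and
# separating spaces are accepted; anything else (";", ")", "{", "$", quotes,
# "|", "&", newlines, ...) could add or alter rules and aborts the script
# before any file is touched. An empty value is still allowed.
case "${_IPV4_PORTS}" in
	*[!0-9A-Za-z:._+\ -]*)
		echo "E: live-debconfig/ferm/ipv4-ports may only contain port numbers, service names, ':' ranges and spaces" >&2
		exit 1
		;;
esac
mkdir -p /etc/ferm
# The here-document is unquoted, so the shell expands ${_IPV4_PORTS} in
# place. The expanded value is not re-scanned, which avoids passing it
# through a sed replacement where "|", "&" and "\" are special.
cat > /etc/ferm/ferm.conf.tmp << EOF
# /etc/ferm/ferm.conf
table filter {
chain INPUT {
policy DROP;
# connection tracking
mod state state INVALID DROP;
mod state state (ESTABLISHED RELATED) ACCEPT;
# allow local packet
interface lo ACCEPT;
# respond to ping
proto icmp ACCEPT;
# allow incoming packets
proto tcp dport (${_IPV4_PORTS}) ACCEPT;
}
chain OUTPUT {
policy ACCEPT;
# connection tracking
#mod state state INVALID DROP;
mod state state (ESTABLISHED RELATED) ACCEPT;
}
chain FORWARD {
policy DROP;
# connection tracking
mod state state INVALID DROP;
mod state state (ESTABLISHED RELATED) ACCEPT;
}
}
EOF
# Rename instead of redirecting into ferm.conf, so a failure while writing
# never leaves a truncated ruleset under the live name.
mv -f /etc/ferm/ferm.conf.tmp /etc/ferm/ferm.conf
# reload ferm
# NOTE(review): no command follows this comment, so the script itself does
# not load the new ruleset -- confirm ferm is (re)started elsewhere.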