From 181529089411d6f55333b22d169e87d3f5137eb5 Mon Sep 17 00:00:00 2001 From: latham <latham@ispconfig3> Date: Thu, 30 Jun 2011 12:03:31 -0400 Subject: [PATCH] Remove Microsoft Line endings. Some files have mixed line endings that make Subverison unhappy --- server/conf/ufw.before.rules.master | 156 ++++++++++++++++++++++++++-------------------------- 1 files changed, 78 insertions(+), 78 deletions(-) diff --git a/server/conf/ufw.before.rules.master b/server/conf/ufw.before.rules.master index ab45171..613e525 100644 --- a/server/conf/ufw.before.rules.master +++ b/server/conf/ufw.before.rules.master @@ -1,78 +1,78 @@ -# -# rules.before -# -# Rules that should be run before the ufw command line added rules. Custom -# rules should be added to one of these chains: -# ufw-before-input -# ufw-before-output -# ufw-before-forward -# - -# Don't delete these required lines, otherwise there will be errors -*filter -:ufw-before-input - [0:0] -:ufw-before-output - [0:0] -:ufw-before-forward - [0:0] -:ufw-not-local - [0:0] -# End required lines - - -# allow all on loopback --A ufw-before-input -i lo -j ACCEPT --A ufw-before-output -o lo -j ACCEPT - -# connection tracking rules --A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT - -# drop INVALID packets (logs these in loglevel medium and higher) --A ufw-before-input -m state --state INVALID -j ufw-logging-deny --A ufw-before-input -m state --state INVALID -j DROP - -# connection tracking for outbound --A ufw-before-output -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT --A ufw-before-output -p udp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT - -# ok icmp codes --A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT --A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT --A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT --A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT --A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT - -# allow dhcp client to work --A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT - -# -# ufw-not-local -# --A ufw-before-input -j ufw-not-local - -# if LOCAL, RETURN --A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN - -# if MULTICAST, RETURN --A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN - -# if BROADCAST, RETURN --A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN - -# all other non-local packets are dropped --A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny --A ufw-not-local -j DROP - -# allow MULTICAST, be sure the MULTICAST line above is uncommented --A ufw-before-input -s 224.0.0.0/4 -j ACCEPT --A ufw-before-input -d 224.0.0.0/4 -j ACCEPT - -COMMIT - -# nat Table rules -*nat -:POSTROUTING ACCEPT [0:0] - --A POSTROUTING -s 192.168.5.2/24 -o eth0 -j SNAT --to 192.168.5.105 - --A PREROUTING -p tcp -d 192.168.5.105 --dport 80 -i eth0 -j DNAT --to-destination 192.168.5.200:80 - -# don't delete the 'COMMIT' line or these rules won't be processed -COMMIT +# +# rules.before +# +# Rules that should be run before the ufw command line added rules. Custom +# rules should be added to one of these chains: +# ufw-before-input +# ufw-before-output +# ufw-before-forward +# + +# Don't delete these required lines, otherwise there will be errors +*filter +:ufw-before-input - [0:0] +:ufw-before-output - [0:0] +:ufw-before-forward - [0:0] +:ufw-not-local - [0:0] +# End required lines + + +# allow all on loopback +-A ufw-before-input -i lo -j ACCEPT +-A ufw-before-output -o lo -j ACCEPT + +# connection tracking rules +-A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT + +# drop INVALID packets (logs these in loglevel medium and higher) +-A ufw-before-input -m state --state INVALID -j ufw-logging-deny +-A ufw-before-input -m state --state INVALID -j DROP + +# connection tracking for outbound +-A ufw-before-output -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT +-A ufw-before-output -p udp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT + +# ok icmp codes +-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT +-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT +-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT +-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT +-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT + +# allow dhcp client to work +-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT + +# +# ufw-not-local +# +-A ufw-before-input -j ufw-not-local + +# if LOCAL, RETURN +-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN + +# if MULTICAST, RETURN +-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN + +# if BROADCAST, RETURN +-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN + +# all other non-local packets are dropped +-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny +-A ufw-not-local -j DROP + +# allow MULTICAST, be sure the MULTICAST line above is uncommented +-A ufw-before-input -s 224.0.0.0/4 -j ACCEPT +-A ufw-before-input -d 224.0.0.0/4 -j ACCEPT + +COMMIT + +# nat Table rules +*nat +:POSTROUTING ACCEPT [0:0] + +-A POSTROUTING -s 192.168.5.2/24 -o eth0 -j SNAT --to 192.168.5.105 + +-A PREROUTING -p tcp -d 192.168.5.105 --dport 80 -i eth0 -j DNAT --to-destination 192.168.5.200:80 + +# don't delete the 'COMMIT' line or these rules won't be processed +COMMIT -- Gitblit v1.9.1