updates for shorewall configs

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Jessica Frazelle 2015-07-28 04:13:26 -07:00
parent 38c04d1758
commit ae2529386d
4 changed files with 12 additions and 10 deletions

@ -11,5 +11,5 @@
###############################################################################
#ZONE INTERFACE OPTIONS
- lo ignore
dock docker0
net all dhcp,physical=+,routeback
dock docker0 bridge
net all dhcp,physical=+
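
Review bot: on the `net all dhcp,physical=+` line, `physical=+` makes the logical interface `all` a wildcard over every physical interface, `docker0` included, so the split between the `dock` and `net` zones relies on the specific `dock docker0 bridge` entry being matched in preference to the wildcard. A short comment above the two entries stating that, and why `routeback` was dropped from `net` while `bridge` was added to `docker0`, would make the intent reviewable; the commit message explains neither change.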

@ -9,5 +9,4 @@
################################################################################################################
#INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH ORIGINAL
# GROUP DEST
#eth0 172.17.0.0/16
#wlan0 172.17.42.1/24
#net 172.17.0.0/16
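
Review bot: the line `#net 172.17.0.0/16` puts `net` in the INTERFACE column, but in the `#ZONE INTERFACE OPTIONS` table earlier in this commit `net` is the zone and the logical interface is `all`, so the entry would not name an interface if someone uncommented it. Every entry in this hunk is commented out, so the file configures no masquerading either way; either delete the line or replace it with a comment saying what is expected to provide NAT for 172.17.0.0/16.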

@ -7,11 +7,13 @@
# http://www.shorewall.net/manpages/shorewall-policy.html
#
###############################################################################
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
dock all ACCEPT
# on a server you would obviously want to accept
dock net ACCEPT
dock fw ACCEPT
net dock DROP
net all DROP
fw net ACCEPT
fw dock ACCEPT
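
Review bot: the `net dock DROP` and `net all DROP` policies leave the LOG LEVEL column empty, so traffic from `net` that is dropped by policy is discarded without a log entry; consider setting a level on at least the catch-all, for example `net all DROP info`. `net dock DROP` is also already covered by `net all DROP` on the next line, and the comment `# on a server you would obviously want to accept` above `dock net ACCEPT` does not say which policy it is about, so it reads as applying to the `dock` lines; name the source and destination it refers to.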

@ -16,7 +16,8 @@
?SECTION UNTRACKED
?SECTION NEW
Invalid(DROP) net $FW tcp
# on a server you would obiously want to accept here
SSH(DROP) net $FW
Invalid(DROP) net dock tcp
Invalid(DROP) net dock udp
#SSH(ACCEPT) net $FW
# on a server you would obviously want to accept here
Ping(DROP) net $FW
#Ping(ACCEPT) net $FW
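
Review bot: `Invalid(DROP)` is applied to both `tcp` and `udp` for `net dock`, but only to `tcp` for `net $FW`, and nothing in the hunk says why the two destinations differ. If the `udp` rule is intended, add the matching `Invalid(DROP) net $FW udp`; otherwise remove it so the firewall and the Docker zone are treated the same, or add a comment explaining the difference.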