Firewall rules

author Clinton Ebadi <clinton@unknownlamer.org>

Fri, 7 Sep 2012 05:29:16 +0000 (01:29 -0400)

committer Clinton Ebadi <clinton@unknownlamer.org>

Fri, 7 Sep 2012 05:29:16 +0000 (01:29 -0400)
author Clinton Ebadi <clinton@unknownlamer.org>
Fri, 7 Sep 2012 05:29:16 +0000 (01:29 -0400)
committer Clinton Ebadi <clinton@unknownlamer.org>
Fri, 7 Sep 2012 05:29:16 +0000 (01:29 -0400)
diff --git a/debian/hcoop-apache2-config.install b/debian/hcoop-apache2-config.install

index 9936c66..aeecd1f 100644 (file)
--- a/debian/hcoop-apache2-config.install
+++ b/debian/hcoop-apache2-config.install
@@ -1 +1,3 @@
  files/conf.d/* etc/apache2/conf.d
+files/apache_in.rules etc/ferm/service.in.d
+files/apache_out.rules etc/ferm/service.out.d
+\ No newline at end of file
diff --git a/files/apache_in.rules b/files/apache_in.rules

new file mode 100644 (file)

index 0000000..3e16dc5
--- /dev/null
+++ b/files/apache_in.rules
@@ -0,0 +1 @@
+proto tcp dport (http https) ACCEPT;
+\ No newline at end of file
diff --git a/files/apache_out.rules b/files/apache_out.rules

new file mode 100644 (file)

index 0000000..3512fd8
--- /dev/null
+++ b/files/apache_out.rules
@@ -0,0 +1,6 @@
+# (allow connections to mod_proxiable hosts)
+@def $APACHEUID = `id www-data -u`;
+
+mod owner uid-owner $APACHEUID { proto tcp daddr 69.90.123.68 dport 1024:65535 ACCEPT; # servers on mire
+                                proto tcp daddr 69.90.123.67 dport 80 ACCEPT; # mailman on deleuze
+                              }
author	Clinton Ebadi <clinton@unknownlamer.org>
	Fri, 7 Sep 2012 05:29:16 +0000 (01:29 -0400)
committer	Clinton Ebadi <clinton@unknownlamer.org>
	Fri, 7 Sep 2012 05:29:16 +0000 (01:29 -0400)
debian/hcoop-apache2-config.install		patch \| blob \| blame \| history
files/apache_in.rules	[new file with mode: 0644]	patch \| blob
files/apache_out.rules	[new file with mode: 0644]	patch \| blob