From: Clinton Ebadi
Date: Fri, 7 Sep 2012 05:29:16 +0000 (-0400)
Subject: Firewall rules
X-Git-Tag: debian/1~1
X-Git-Url: https://git.hcoop.net/hcoop/zz_old/debian/hcoop-apache2-config.git/commitdiff_plain/0157acd9994ca22faa9a45b656ddcbc3d6644359

Firewall rules
---
diff --git a/debian/hcoop-apache2-config.install b/debian/hcoop-apache2-config.install
index 9936c66..aeecd1f 100644
--- a/debian/hcoop-apache2-config.install
+++ b/debian/hcoop-apache2-config.install
@@ -1 +1,3 @@
 files/conf.d/* etc/apache2/conf.d
+files/apache_in.rules etc/ferm/service.in.d
+files/apache_out.rules etc/ferm/service.out.d
\ No newline at end of file
diff --git a/files/apache_in.rules b/files/apache_in.rules
new file mode 100644
index 0000000..3e16dc5
--- /dev/null
+++ b/files/apache_in.rules
@@ -0,0 +1 @@
+proto tcp dport (http https) ACCEPT;
\ No newline at end of file
diff --git a/files/apache_out.rules b/files/apache_out.rules
new file mode 100644
index 0000000..3512fd8
--- /dev/null
+++ b/files/apache_out.rules
@@ -0,0 +1,6 @@
+# (allow connections to mod_proxiable hosts)
+@def $APACHEUID = `id www-data -u`;
+
+mod owner uid-owner $APACHEUID { proto tcp daddr 69.90.123.68 dport 1024:65535 ACCEPT; # servers on mire
+ proto tcp daddr 69.90.123.67 dport 80 ACCEPT; # mailman on deleuze
+ }
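Review bot: The two new lines in debian/hcoop-apache2-config.install ship fragments into etc/ferm/service.in.d and etc/ferm/service.out.d, but nothing in this diff declares a dependency on ferm or reloads it after installation. On a host without ferm, or until the next ferm restart, the rules would be present on disk but not enforced. debian/control and the maintainer scripts are not part of this diff, so this may already be handled elsewhere. If it is not, add `ferm` to `Depends:` and reload ferm from postinst. It is also worth confirming that the site ferm.conf includes both directories, since that configuration is not visible here.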
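Review bot: In files/apache_out.rules, `proto tcp daddr 69.90.123.68 dport 1024:65535 ACCEPT;` lets any process running as www-data reach every unprivileged port on mire, not only the proxied user servers. A compromised web application under that uid could therefore also connect to any other daemon listening above 1023 on that host. If the proxied backends sit in a known port range, narrow the dport range to it. Otherwise add a comment saying the wide range is deliberate and that mire must filter its non-proxy services itself. Separately, the $APACHEUID definition shells out to id when the rules are loaded and presumably yields an empty value if www-data does not exist yet; the iptables owner match accepts a user name, so `mod owner uid-owner www-data {` would remove both the @def and the subshell.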