From 0157acd9994ca22faa9a45b656ddcbc3d6644359 Mon Sep 17 00:00:00 2001
From: Clinton Ebadi
Date: Fri, 7 Sep 2012 01:29:16 -0400
Subject: [PATCH] Firewall rules

---
 debian/hcoop-apache2-config.install | 2 ++
 files/apache_in.rules | 1 +
 files/apache_out.rules | 6 ++++++
 3 files changed, 9 insertions(+)
 create mode 100644 files/apache_in.rules
 create mode 100644 files/apache_out.rules

diff --git a/debian/hcoop-apache2-config.install b/debian/hcoop-apache2-config.install
index 9936c66..aeecd1f 100644
--- a/debian/hcoop-apache2-config.install
+++ b/debian/hcoop-apache2-config.install
@@ -1 +1,3 @@
 files/conf.d/* etc/apache2/conf.d
+files/apache_in.rules etc/ferm/service.in.d
+files/apache_out.rules etc/ferm/service.out.d
\ No newline at end of file
diff --git a/files/apache_in.rules b/files/apache_in.rules
new file mode 100644
index 0000000..3e16dc5
--- /dev/null
+++ b/files/apache_in.rules
@@ -0,0 +1 @@
+proto tcp dport (http https) ACCEPT;
\ No newline at end of file
diff --git a/files/apache_out.rules b/files/apache_out.rules
new file mode 100644
index 0000000..3512fd8
--- /dev/null
+++ b/files/apache_out.rules
@@ -0,0 +1,6 @@
+# (allow connections to mod_proxiable hosts)
+@def $APACHEUID = `id www-data -u`;
+
+mod owner uid-owner $APACHEUID { proto tcp daddr 69.90.123.68 dport 1024:65535 ACCEPT; # servers on mire
+ proto tcp daddr 69.90.123.67 dport 80 ACCEPT; # mailman on deleuze
+ }
-- 
2.20.1
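Review bot: `files/apache_in.rules` carries no comment saying what it opens or from where, unlike `apache_out.rules`, so the intended exposure has to be inferred from the file name. A header line such as `# inbound HTTP/HTTPS to Apache, accepted from any source address` would make the scope explicit for whoever audits the ruleset later. Whether this rule also opens the ports over IPv6 depends on the domain of the ferm block that includes `service.in.d`, which is not visible in this patch and is worth confirming.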
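Review bot: The `@def $APACHEUID` line in `files/apache_out.rules` shells out to `id` every time ferm loads the rules, so a missing or renamed `www-data` account leaves the variable empty and will presumably make the owner match fail to parse, which can abort the whole ruleset load. The iptables owner match accepts an account name directly, so `mod owner uid-owner www-data {` removes the shell-out and the `@def`; if the lookup is kept, `id -u www-data` is the conventional argument order. Separately, `dport 1024:65535` toward 69.90.123.68 lets any process running as www-data reach every unprivileged port on that host, which is broad if user-supplied code runs under that uid. A comment stating why the range cannot be narrowed, and that these ACCEPTs only restrict anything when the including output chain defaults to DROP (not visible here), would document the intended containment.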