Enable user chains

[hcoop/zz_old/debian/hcoop-firewall-config.git] / files / ferm.conf.hcoop

diff --git a/files/ferm.conf.hcoop b/files/ferm.conf.hcoop
index 2637c92..a188b4c 100644 (file)
--- a/files/ferm.conf.hcoop
+++ b/files/ferm.conf.hcoop
@@ -29,8 +29,9 @@ table filter {
        proto (tcp udp) dport ( kerberos afs3-callback ) ACCEPT;
 
        # system ports
+       @include 'service.in.d/';
        @include 'local_ports_in.conf';
-       #@include 'users_tcp_in.conf'
+       @include 'users_tcp_in.conf'
     }
     chain OUTPUT {
         policy DROP;
@@ -46,6 +47,7 @@ table filter {
        proto tcp dport 1235 ACCEPT;
 
        proto (tcp udp) dport ( kerberos afs3-fileserver afs3-callback afs3-prserver afs3-vlserver afs3-volser afs3-errors afs3-bos ) ACCEPT;
+       proto tcp dport kerberos-adm ACCEPT;
 
        proto (tcp udp) dport ntp ACCEPT;
        proto (tcp udp) dport domain ACCEPT;
@@ -53,8 +55,9 @@ table filter {
         # root needs port 80 for things like apt-get
        mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }
 
+       @include 'service.out.d/';
        @include 'local_ports_out.conf';
-       #include 'users_tcp_out.conf'
+       @include 'users_tcp_out.conf'
     }
     chain FORWARD {
         policy DROP;
@@ -65,7 +68,7 @@ table filter {
     }
 }
 
-#include 'user_chains.conf'
+@include 'user_chains.conf'
 
 # IPv6:
 #domain ip6 {