proto (tcp udp) dport ( kerberos afs3-callback ) ACCEPT;
# system ports
+ @include 'service.in.d/';
@include 'local_ports_in.conf';
- #@include 'users_tcp_in.conf'
+ @include 'users_tcp_in.conf'
}
chain OUTPUT {
policy DROP;
proto tcp dport 1235 ACCEPT;
proto (tcp udp) dport ( kerberos afs3-fileserver afs3-callback afs3-prserver afs3-vlserver afs3-volser afs3-errors afs3-bos ) ACCEPT;
+ proto tcp dport kerberos-adm ACCEPT;
proto (tcp udp) dport ntp ACCEPT;
proto (tcp udp) dport domain ACCEPT;
# root needs port 80 for things like apt-get
mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }
+ @include 'service.out.d/';
@include 'local_ports_out.conf';
- #include 'users_tcp_out.conf'
+ @include 'users_tcp_out.conf'
}
chain FORWARD {
policy DROP;
}
}
-#include 'user_chains.conf'
+@include 'user_chains.conf'
# IPv6:
#domain ip6 {