X-Git-Url: https://git.hcoop.net/hcoop/zz_old/debian/hcoop-firewall-config.git/blobdiff_plain/d4245e04087ddf9d3a8284357c710be5351ca073..2994c128dfe5d820316a473c72d82b42df41a791:/files/ferm.conf.hcoop
diff --git a/files/ferm.conf.hcoop b/files/ferm.conf.hcoop
index 2637c92..500a573 100644
--- a/files/ferm.conf.hcoop
+++ b/files/ferm.conf.hcoop
@@ -29,8 +29,9 @@ table filter {
 proto (tcp udp) dport ( kerberos afs3-callback ) ACCEPT;
 # system ports
+ @include 'service.in.d/';
 @include 'local_ports_in.conf';
- #@include 'users_tcp_in.conf'
+ @include 'users_tcp_in.conf';
 }
 chain OUTPUT {
 policy DROP;
@@ -46,6 +47,7 @@ table filter {
 proto tcp dport 1235 ACCEPT;
 proto (tcp udp) dport ( kerberos afs3-fileserver afs3-callback afs3-prserver afs3-vlserver afs3-volser afs3-errors afs3-bos ) ACCEPT;
+ proto tcp dport kerberos-adm ACCEPT;
 proto (tcp udp) dport ntp ACCEPT;
 proto (tcp udp) dport domain ACCEPT;
@@ -53,8 +55,9 @@ table filter {
 # root needs port 80 for things like apt-get
 mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }
+ @include 'service.out.d/';
 @include 'local_ports_out.conf';
- #include 'users_tcp_out.conf'
+ @include 'users_tcp_out.conf';
 }
 chain FORWARD {
 policy DROP;
@@ -65,7 +68,7 @@ table filter {
 }
 }
-#include 'user_chains.conf'
+@include 'user_chains.conf';
 # IPv6:
 #domain ip6 {
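Review bot: The newly enabled `@include 'users_tcp_in.conf';` is unconditional, as are `users_tcp_out.conf` in the third hunk and `user_chains.conf` in the last one, so the whole ruleset now depends on those files existing and parsing cleanly. If I read ferm correctly a missing or malformed include aborts the load, and what the host is left with then depends on the init script, which is not visible here. The directory includes `service.in.d/` and `service.out.d/` load every file found there, so stray editor backups or package leftovers would presumably be parsed as rules, and anyone able to write to those directories can add ACCEPT rules to these chains. I would document the trust assumption above the includes, e.g. `# drop-ins: root-owned, not group/world writable; every file in the directory is loaded`, and have the deploy step run `ferm --noexec` on the result before reloading. The INPUT chain starts outside this hunk, so its policy line is not visible.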
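Review bot: The added `proto tcp dport kerberos-adm ACCEPT;` in the OUTPUT chain has no destination or owner match, so any local uid may open connections to that port on any host. The neighbouring rules use the same dport-only pattern, so this is consistent with the file, but for an administrative protocol I would pin it to the admin server, e.g. `proto tcp daddr <kadmin-server-address> dport kerberos-adm ACCEPT;` (the address is a placeholder; the real one is not on this page). A short comment such as `# kadmin to the KDC admin server` would also tell the next reader which client needs the rule. The chain begins before this hunk, so earlier rules that might already narrow the traffic are not visible.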