NOVO
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
# Rules below apply to packets that open a new connection. For a given
# source/destination zone pair they are evaluated top to bottom and the
# first matching rule decides.
#
# NOTE(review): no port is given, so this rejects all TCP from 41.0.0.0/8
# to the firewall, and it precedes every net->fw ACCEPT in this file, so
# none of them applies to that range. Record why the range is blocked.
REJECT net:41.0.0.0/8 fw tcp
# To avoid connection delays, reject AUTH (ident, tcp/113) if the user hasn't
# ACCEPTED it above
REJECT net fw tcp 113
# Reject NetBIOS name service (udp/137) for each zone pair listed.
REJECT net fw udp 137
REJECT loc fw udp 137
# NOTE(review): loc->loc only matters if traffic between local hosts is
# routed through this firewall -- confirm.
REJECT loc loc udp 137
REJECT loc net udp 137
#
# Accept DNS connections from the firewall to the network
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
# (port 7575; the port-22 rules further down are commented out, so sshd
# presumably listens on 7575 -- confirm).
#
ACCEPT loc fw tcp 7575
# NOTE(review): this is not a reply rule. Replies belong to an established
# connection and are not matched in SECTION NEW; this line lets the firewall
# itself open connections to port 7575 on local hosts. The same holds for
# every reversed "fw ..." rule in this file that mirrors an inbound ACCEPT.
ACCEPT fw loc tcp 7575
#
# Accept SSH connections from the internet for administration
# NOTE(review): reachable from any internet address. Consider limiting SOURCE
# to known admin addresses (net:<admin-address>, placeholder), using the
# RATE LIMIT column, and allowing key-based logins only in sshd.
#
ACCEPT net fw tcp 7575
ACCEPT fw net tcp 7575
#
# Disabled: SSH on the default port 22, local network
#ACCEPT loc fw tcp 22
#ACCEPT fw loc tcp 22
#
# Disabled: SSH on the default port 22, internet
#
#ACCEPT net fw tcp 22
#ACCEPT fw net tcp 22
#
# NOTE(review): the rules in this group carry no description. 1080 is the
# conventional SOCKS port; 2738, 3890 and 1991 are not identified anywhere
# in this file. Document which service needs each port, or remove the rule:
# an unexplained ACCEPT cannot be audited.
ACCEPT loc fw tcp 1080
ACCEPT fw loc tcp 1080
#
ACCEPT fw net tcp 1080
#
ACCEPT loc fw tcp 2738
ACCEPT fw loc tcp 2738
#
ACCEPT loc fw udp 2738
ACCEPT fw loc udp 2738
#
ACCEPT fw net tcp 3890
ACCEPT loc net tcp 3890
#
ACCEPT loc fw tcp 1991
ACCEPT fw loc tcp 1991
#
ACCEPT loc fw udp 1991
ACCEPT fw loc udp 1991
#
ACCEPT fw net tcp 1991
ACCEPT loc net tcp 1991
#
# Make ping work (ICMP type 8 = echo request)
#
ACCEPT fw loc icmp 8
ACCEPT loc fw icmp 8
ACCEPT fw net icmp 8
ACCEPT net fw icmp 8
# SMTP (tcp/25) and SMTPS (tcp/465). The ":info" suffix logs every match at
# level info.
#
# Local clients may send mail directly only to 202.22.192.1 (presumably the
# upstream mail relay -- confirm).
ACCEPT:info loc net:202.22.192.1 tcp 25
ACCEPT:info net fw tcp 25
ACCEPT:info net fw tcp 465
ACCEPT:info loc fw tcp 25
ACCEPT:info fw net tcp 25
# Any other outbound SMTP from the local zone is rejected and logged. This
# line must stay below the loc->net ACCEPT above, because the first match wins.
REJECT:info loc net tcp 25
#Accept Webmin Connection
# NOTE(review): this exposes the Webmin administration port (10000) to the
# whole internet. Prefer reaching it through the VPN or an SSH tunnel, or
# restrict SOURCE to admin addresses (net:<admin-address>, placeholder).
ACCEPT net fw tcp 10000
ACCEPT fw net tcp 10000
#
# FTP control channel (tcp/21)
# NOTE(review): the "net loc" rule admits FTP from any internet host to every
# host in the local zone; if a single server is meant, name it in DEST.
ACCEPT loc fw tcp 21
ACCEPT fw loc tcp 21
ACCEPT net fw tcp 21
ACCEPT fw net tcp 21
ACCEPT loc net tcp 21
ACCEPT net loc tcp 21
# FTP data port (tcp/20)
# NOTE(review): these rules match destination port 20. Active-mode data
# connections use 20 as the source port, and data channels are normally
# admitted as RELATED traffic by the FTP connection-tracking helper --
# verify whether any of these six rules is needed.
ACCEPT loc fw tcp 20
ACCEPT fw loc tcp 20
ACCEPT net fw tcp 20
ACCEPT fw net tcp 20
ACCEPT loc net tcp 20
ACCEPT net loc tcp 20
#
# Accept POP3 connections (tcp/110)
# NOTE(review): POP3 on 110 carries credentials in cleartext unless the client
# negotiates STARTTLS, and "net fw" offers it to the whole internet. POP3S
# (995) is accepted further down; consider dropping the net->fw rule here.
#
ACCEPT fw net tcp 110
ACCEPT net fw tcp 110
ACCEPT loc net tcp 110
ACCEPT fw loc tcp 110
# Accept HTTP,HTTPS connections
# NOTE(review): the next line repeats the fw->net tcp/21 rule of the FTP group.
ACCEPT fw net tcp 21
ACCEPT fw net tcp 80
ACCEPT loc net tcp 443
ACCEPT loc net tcp 80
# Presumably keeps local clients from using outside proxies on 3128.
REJECT loc net tcp 3128
# NOTE(review): never reached -- the REJECT directly above matches the same
# traffic first. Delete one of the two so the intent is unambiguous.
ACCEPT loc net tcp 3128
ACCEPT loc net tcp 8080
ACCEPT loc fw tcp 8080
ACCEPT fw loc tcp 8080
# NOTE(review): admits tcp/8080 from any internet host to every host in the
# local zone; name the intended server in DEST or remove the rule.
ACCEPT net loc tcp 8080
ACCEPT net fw tcp 80
ACCEPT net fw tcp 443
# IMAPS (993) and POP3S (995) from the internet
ACCEPT net fw tcp 993
ACCEPT net fw tcp 995
ACCEPT fw net tcp 443
# Local clients may reach the proxy port on the firewall (Squid, according to
# the REDIRECT rules later in this file).
ACCEPT loc fw tcp 3128
##spamassassin
# Ports for the network checks: presumably 2703/tcp Razor, 6277/udp DCC and
# 24441/udp Pyzor -- confirm against the SpamAssassin plugins in use.
ACCEPT fw net tcp 2703
ACCEPT loc fw tcp 2703
ACCEPT fw net udp 6277
ACCEPT loc fw udp 6277
# NOTE(review): inbound from the internet. These checks are presumably
# initiated by the firewall itself, so confirm that this rule is needed.
ACCEPT net fw tcp 2703
# NOTE(review): repeats the first rule of this group.
ACCEPT fw net tcp 2703
ACCEPT fw net udp 24441
#
# NOTE(review): forwards tcp/3389 (RDP) arriving at 203.76.153.83 to
# 192.168.1.70 with no SOURCE restriction, so the desktop service is
# reachable from every internet address. Restrict SOURCE to admin addresses
# (net:<admin-address>, placeholder) or remove the rule and reach the host
# through the VPN.
DNAT net loc:192.168.1.70 tcp 3389 - 203.76.153.83
#
#End spamassassin
# Force All web traffic to the Squid proxy server
# Redirects tcp/80 (www) and tcp/8080 from the local zone to port 3128 on the
# firewall. HTTPS (443) is not redirected by these rules.
REDIRECT loc 3128 tcp www
REDIRECT loc 3128 tcp 8080
#
#vpn
# NOTE(review): "tcp 50" matches TCP destination port 50. If IPsec ESP was
# intended, that is IP protocol 50, which belongs in the PROTO column rather
# than the port column -- confirm and correct, otherwise these three rules
# open an unused TCP port and ESP is still not admitted.
ACCEPT net fw tcp 50
ACCEPT loc fw tcp 50
ACCEPT fw net tcp 50
#
# IKE (udp/500). NOTE(review): IPsec NAT traversal uses udp/4500, for which
# this file has no rule -- confirm whether it is needed.
ACCEPT net fw udp 500
ACCEPT loc fw udp 500
ACCEPT fw net udp 500
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 7575
ACCEPT fw loc tcp 7575
#
# Accept SSH connections from the internet for administration
#
ACCEPT net fw tcp 7575
ACCEPT fw net tcp 7575
#
#ACCEPT loc fw tcp 22
#ACCEPT fw loc tcp 22
#
# Accept SSH connections from the internet for administration
#
#ACCEPT net fw tcp 22
#ACCEPT fw net tcp 22
#
ACCEPT loc fw tcp 1080
ACCEPT fw loc tcp 1080
#
ACCEPT fw net tcp 1080
#
ACCEPT loc fw tcp 2738
ACCEPT fw loc tcp 2738
#
ACCEPT loc fw udp 2738
ACCEPT fw loc udp 2738
#
ACCEPT fw net tcp 3890
ACCEPT loc net tcp 3890
#
ACCEPT loc fw tcp 1991
ACCEPT fw loc tcp 1991
#
ACCEPT loc fw udp 1991
ACCEPT fw loc udp 1991
#
ACCEPT net fw tcp 21
ACCEPT fw net tcp 21
ACCEPT loc net tcp 21
ACCEPT net loc tcp 21
ACCEPT loc fw tcp 20
ACCEPT fw loc tcp 20
ACCEPT net fw tcp 20
ACCEPT fw net tcp 20
ACCEPT loc net tcp 20
ACCEPT net loc tcp 20
#
# Accept POP3connections
#
ACCEPT fw net tcp 110
ACCEPT net fw tcp 110
ACCEPT loc net tcp 110
ACCEPT fw loc tcp 110
# Accept HTTP,HTTPS connections
ACCEPT fw net tcp 21
ACCEPT fw net tcp 80
ACCEPT loc net tcp 443
ACCEPT loc net tcp 80
REJECT loc net tcp 3128
ACCEPT loc net tcp 3128
ACCEPT loc net tcp 8080
ACCEPT loc fw tcp 8080
ACCEPT fw loc tcp 8080
ACCEPT net loc tcp 8080
ACCEPT net fw tcp 80
ACCEPT net fw tcp 443
ACCEPT net fw tcp 993
ACCEPT net fw tcp 995
ACCEPT fw net tcp 443
ACCEPT loc fw tcp 3128
##spamassassin
ACCEPT fw net tcp 2703
ACCEPT loc fw tcp 2703
ACCEPT fw net udp 6277
ACCEPT loc fw udp 6277
ACCEPT net fw tcp 2703
ACCEPT fw net tcp 2703
ACCEPT fw net udp 24441
#
DNAT net loc:192.168.1.70 tcp 3389 - 203.76.153.83
#
#End spamassassin
# Force All web traffic to the Squid proxy server
REDIRECT loc 3128 tcp www
REDIRECT loc 3128 tcp 8080
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 7575
ACCEPT fw loc tcp 7575
#
# Accept SSH connections from the internet for administration
#
ACCEPT net fw tcp 7575
ACCEPT fw net tcp 7575
#
#ACCEPT loc fw tcp 22
#ACCEPT fw loc tcp 22
#
# Accept SSH connections from the internet for administration
#
#ACCEPT net fw tcp 22
#ACCEPT fw net tcp 22
#
ACCEPT loc fw tcp 1080
ACCEPT fw loc tcp 1080
#
ACCEPT fw net tcp 1080
#
ACCEPT loc fw tcp 2738
ACCEPT fw loc tcp 2738
#
ACCEPT loc fw udp 2738
ACCEPT fw loc udp 2738
#
ACCEPT fw net tcp 3890
ACCEPT loc net tcp 3890
#
ACCEPT loc fw tcp 1991
ACCEPT fw loc tcp 1991
#
ACCEPT loc fw udp 1991
ACCEPT fw loc udp 1991
#
ACCEPT net fw tcp 21
ACCEPT fw net tcp 21
ACCEPT loc net tcp 21
ACCEPT net loc tcp 21
ACCEPT loc fw tcp 20
ACCEPT fw loc tcp 20
ACCEPT net fw tcp 20
ACCEPT fw net tcp 20
ACCEPT loc net tcp 20
ACCEPT net loc tcp 20
#
# Accept POP3connections
#
ACCEPT fw net tcp 110
ACCEPT net fw tcp 110
ACCEPT loc net tcp 110
ACCEPT fw loc tcp 110
# Accept HTTP,HTTPS connections
ACCEPT fw net tcp 21
ACCEPT fw net tcp 80
ACCEPT loc net tcp 443
ACCEPT loc net tcp 80
#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
# To avoid connection delays, reject AUTH if the user hasn't ACCEPTED it above
#
REJECT net:41.0.0.0/8 fw tcp
#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
# Rules below apply to packets that open a new connection. For a given
# source/destination zone pair they are evaluated top to bottom and the
# first matching rule decides.
#
# NOTE(review): no port is given, so this rejects all TCP from 41.0.0.0/8
# to the firewall, and it precedes every net->fw ACCEPT in this file, so
# none of them applies to that range. Record why the range is blocked.
REJECT net:41.0.0.0/8 fw tcp
# To avoid connection delays, reject AUTH (ident, tcp/113) if the user hasn't
# ACCEPTED it above
REJECT net fw tcp 113
# Reject NetBIOS name service (udp/137) for each zone pair listed.
REJECT net fw udp 137
REJECT loc fw udp 137
# NOTE(review): loc->loc only matters if traffic between local hosts is
# routed through this firewall -- confirm.
REJECT loc loc udp 137
REJECT loc net udp 137
#
# Accept DNS connections from the firewall to the network
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
# (port 7575; the port-22 rules further down are commented out, so sshd
# presumably listens on 7575 -- confirm).
#
ACCEPT loc fw tcp 7575
# NOTE(review): this is not a reply rule. Replies belong to an established
# connection and are not matched in SECTION NEW; this line lets the firewall
# itself open connections to port 7575 on local hosts. The same holds for
# every reversed "fw ..." rule in this file that mirrors an inbound ACCEPT.
ACCEPT fw loc tcp 7575
#
# Accept SSH connections from the internet for administration
# NOTE(review): reachable from any internet address. Consider limiting SOURCE
# to known admin addresses (net:<admin-address>, placeholder), using the
# RATE LIMIT column, and allowing key-based logins only in sshd.
#
ACCEPT net fw tcp 7575
ACCEPT fw net tcp 7575
#
# Disabled: SSH on the default port 22, local network
#ACCEPT loc fw tcp 22
#ACCEPT fw loc tcp 22
#
# Disabled: SSH on the default port 22, internet
#
#ACCEPT net fw tcp 22
#ACCEPT fw net tcp 22
#
# NOTE(review): the rules in this group carry no description. 1080 is the
# conventional SOCKS port; 2738, 3890 and 1991 are not identified anywhere
# in this file. Document which service needs each port, or remove the rule:
# an unexplained ACCEPT cannot be audited.
ACCEPT loc fw tcp 1080
ACCEPT fw loc tcp 1080
#
ACCEPT fw net tcp 1080
#
ACCEPT loc fw tcp 2738
ACCEPT fw loc tcp 2738
#
ACCEPT loc fw udp 2738
ACCEPT fw loc udp 2738
#
ACCEPT fw net tcp 3890
ACCEPT loc net tcp 3890
#
ACCEPT loc fw tcp 1991
ACCEPT fw loc tcp 1991
#
ACCEPT loc fw udp 1991
ACCEPT fw loc udp 1991
#
ACCEPT fw net tcp 1991
ACCEPT loc net tcp 1991
#
# Make ping work (ICMP type 8 = echo request)
#
ACCEPT fw loc icmp 8
ACCEPT loc fw icmp 8
ACCEPT fw net icmp 8
ACCEPT net fw icmp 8
# SMTP (tcp/25) and SMTPS (tcp/465). The ":info" suffix logs every match at
# level info.
#
# Local clients may send mail directly only to 202.22.192.1 (presumably the
# upstream mail relay -- confirm).
ACCEPT:info loc net:202.22.192.1 tcp 25
ACCEPT:info net fw tcp 25
ACCEPT:info net fw tcp 465
ACCEPT:info loc fw tcp 25
ACCEPT:info fw net tcp 25
# Any other outbound SMTP from the local zone is rejected and logged. This
# line must stay below the loc->net ACCEPT above, because the first match wins.
REJECT:info loc net tcp 25
#Accept Webmin Connection
# NOTE(review): this exposes the Webmin administration port (10000) to the
# whole internet. Prefer reaching it through the VPN or an SSH tunnel, or
# restrict SOURCE to admin addresses (net:<admin-address>, placeholder).
ACCEPT net fw tcp 10000
ACCEPT fw net tcp 10000
#
# FTP control channel (tcp/21)
# NOTE(review): the "net loc" rule admits FTP from any internet host to every
# host in the local zone; if a single server is meant, name it in DEST.
ACCEPT loc fw tcp 21
ACCEPT fw loc tcp 21
ACCEPT net fw tcp 21
ACCEPT fw net tcp 21
ACCEPT loc net tcp 21
ACCEPT net loc tcp 21
# FTP data port (tcp/20)
# NOTE(review): these rules match destination port 20. Active-mode data
# connections use 20 as the source port, and data channels are normally
# admitted as RELATED traffic by the FTP connection-tracking helper --
# verify whether any of these six rules is needed.
ACCEPT loc fw tcp 20
ACCEPT fw loc tcp 20
ACCEPT net fw tcp 20
ACCEPT fw net tcp 20
ACCEPT loc net tcp 20
ACCEPT net loc tcp 20
#
# Accept POP3 connections (tcp/110)
# NOTE(review): POP3 on 110 carries credentials in cleartext unless the client
# negotiates STARTTLS, and "net fw" offers it to the whole internet. POP3S
# (995) is accepted further down; consider dropping the net->fw rule here.
#
ACCEPT fw net tcp 110
ACCEPT net fw tcp 110
ACCEPT loc net tcp 110
ACCEPT fw loc tcp 110
# Accept HTTP,HTTPS connections
# NOTE(review): the next line repeats the fw->net tcp/21 rule of the FTP group.
ACCEPT fw net tcp 21
ACCEPT fw net tcp 80
ACCEPT loc net tcp 443
ACCEPT loc net tcp 80
# Presumably keeps local clients from using outside proxies on 3128.
REJECT loc net tcp 3128
# NOTE(review): never reached -- the REJECT directly above matches the same
# traffic first. Delete one of the two so the intent is unambiguous.
ACCEPT loc net tcp 3128
ACCEPT loc net tcp 8080
ACCEPT loc fw tcp 8080
ACCEPT fw loc tcp 8080
# NOTE(review): admits tcp/8080 from any internet host to every host in the
# local zone; name the intended server in DEST or remove the rule.
ACCEPT net loc tcp 8080
ACCEPT net fw tcp 80
ACCEPT net fw tcp 443
# IMAPS (993) and POP3S (995) from the internet
ACCEPT net fw tcp 993
ACCEPT net fw tcp 995
ACCEPT fw net tcp 443
# Local clients may reach the proxy port on the firewall (Squid, according to
# the REDIRECT rules later in this file).
ACCEPT loc fw tcp 3128
##spamassassin
# Ports for the network checks: presumably 2703/tcp Razor, 6277/udp DCC and
# 24441/udp Pyzor -- confirm against the SpamAssassin plugins in use.
ACCEPT fw net tcp 2703
ACCEPT loc fw tcp 2703
ACCEPT fw net udp 6277
ACCEPT loc fw udp 6277
# NOTE(review): inbound from the internet. These checks are presumably
# initiated by the firewall itself, so confirm that this rule is needed.
ACCEPT net fw tcp 2703
# NOTE(review): repeats the first rule of this group.
ACCEPT fw net tcp 2703
ACCEPT fw net udp 24441
#
# NOTE(review): forwards tcp/3389 (RDP) arriving at 203.76.153.83 to
# 192.168.1.70 with no SOURCE restriction, so the desktop service is
# reachable from every internet address. Restrict SOURCE to admin addresses
# (net:<admin-address>, placeholder) or remove the rule and reach the host
# through the VPN.
DNAT net loc:192.168.1.70 tcp 3389 - 203.76.153.83
#
#End spamassassin
# Force All web traffic to the Squid proxy server
# Redirects tcp/80 (www) and tcp/8080 from the local zone to port 3128 on the
# firewall. HTTPS (443) is not redirected by these rules.
REDIRECT loc 3128 tcp www
REDIRECT loc 3128 tcp 8080
#
#vpn
# NOTE(review): "tcp 50" matches TCP destination port 50. If IPsec ESP was
# intended, that is IP protocol 50, which belongs in the PROTO column rather
# than the port column -- confirm and correct, otherwise these three rules
# open an unused TCP port and ESP is still not admitted.
ACCEPT net fw tcp 50
ACCEPT loc fw tcp 50
ACCEPT fw net tcp 50
#
# IKE (udp/500). NOTE(review): IPsec NAT traversal uses udp/4500, for which
# this file has no rule -- confirm whether it is needed.
ACCEPT net fw udp 500
ACCEPT loc fw udp 500
ACCEPT fw net udp 500
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE