ENABLE_SYSLOG=1 DENY_SSH_BF=1 DENY_SSH_BF_IP="$DEFAULT_IF" DENY_SSH_BF_PORT=22 GOOGLE_DNS1=8.8.8.8 GOOGLE_DNS2=8.8.4.4 DNS_SERVERS=" $GOOGLE_DNS1 $GOOGLE_DNS2 " WEB=" 80/tcp 443/tcp " DNS=" 53/udp 53/tcp " NTP=" 123/udp " SSH=" 22/tcp " BASIC_SERVICES=" $WEB $DNS $NTP $SSH " APPSERVER1=192.168.123.2 # # Permit SSH towards this host using eth0 # # allow_in any $eth0 any "$SSH" # # Permit this host to access HTTP, DNS, NTP and SSH on the internet. # # allow_out $eth0 any any "$BASIC_SERVICES" allow_out any any any "$BASIC_SERVICES" # # Enable clients within network $eth1_net to access the internet. # # nat $eth1_net $eth0 # allow_forward $eth1_net "$DNS_SERVERS" any "$DNS" # allow_forward $eth1_net any any "$WEB" # # Forward port 80 on external interface $eth0 towards APPSERVER1 # # port_forward $eth0 "$APPSERVER1" "$WEB" # # By default, machines in any network attached to an interface # can't access any other machine in any other local network. # If a machine in any of those networks need to access the # forwarded port, you must explicitly enable this: # # allow_forward $eth0_net "$APPSERVER1" any "$WEB" # # In this example ICMP is permitted to any host. # allow_icmp any any