diff --git a/njallavps/ufw/ufw b/njallavps/ufw/ufw new file mode 100644 index 0000000..411ccbe --- /dev/null +++ b/njallavps/ufw/ufw @@ -0,0 +1,47 @@ +# /etc/default/ufw +# + +# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback +# accepted). You will need to 'disable' and then 'enable' the firewall for +# the changes to take affect. +IPV6=yes + +# Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if +# you change this you will most likely want to adjust your rules. +DEFAULT_INPUT_POLICY="DROP" + +# Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if +# you change this you will most likely want to adjust your rules. +DEFAULT_OUTPUT_POLICY="ACCEPT" + +# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that +# if you change this you will most likely want to adjust your rules +DEFAULT_FORWARD_POLICY="DROP" + +# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please +# note that setting this to ACCEPT may be a security risk. See 'man ufw' for +# details +DEFAULT_APPLICATION_POLICY="SKIP" + +# By default, ufw only touches its own chains. Set this to 'yes' to have ufw +# manage the built-in chains too. Warning: setting this to 'yes' will break +# non-ufw managed firewall rules +MANAGE_BUILTINS=no + +# +# IPT backend +# +# only enable if using iptables backend +IPT_SYSCTL=/etc/ufw/sysctl.conf + +# Extra connection tracking modules to load. IPT_MODULES should typically be +# empty for new installations and modules added only as needed. See +# 'CONNECTION HELPERS' from 'man ufw-framework' for details. Complete list can +# be found in net/netfilter/Kconfig of your kernel source. Some common modules: +# nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support +# nf_conntrack_netbios_ns: NetBIOS (samba) client support +# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT +# nf_conntrack_ftp, nf_nat_ftp: active FTP support +# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side) +# nf_conntrack_sane: sane support +IPT_MODULES="" \ No newline at end of file