Open alvagante opened 11 years ago
class { 'iptables': }
include iptables::ruleset::related_established
include iptables::ruleset::broadcast
include iptables::ruleset::multicast
include iptables::ruleset::security
@example42 See #40
See #43
Propose to => close
Some comments on the default rules that are generated with the new iptables module:

1- There's no longer a failsafe ssh rule:
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
This can be dangerous; I'd keep the option that inserts it and enable it by default.

2- There's not a rule to manage ESTABLISHED connections:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
I've always considered them safe and useful.
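
A check for the two points raised above, as an added example that is not part of the original issue or the module's code: it reads rules in iptables-save `-A` form and reports which failsafe rules (ssh on INPUT, RELATED,ESTABLISHED on INPUT and FORWARD) are absent or sit behind an unconditional REJECT/DROP. The sample rulesets and all function names are constructed for illustration.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
MATCH_FLAGS = {"-p", "-s", "-d", "-i", "-o", "-m"}
# Constructed sample rulesets (not output of the Puppet module).
REJECT_ALL = "-j REJECT --reject-with icmp-host-prohibited"
WITHOUT_FAILSAFES = f"""-A INPUT -i lo -j ACCEPT
-A INPUT {REJECT_ALL}
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD {REJECT_ALL}"""
WITH_FAILSAFES = f"""-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT {REJECT_ALL}
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD {REJECT_ALL}"""

def parse_chains(ruleset):
    """Map chain name -> tokenised rules, in evaluation order."""
    chains = {}
    for tok in map(shlex.split, ruleset.splitlines()):
        if len(tok) >= 2 and tok[0] == "-A":  # skip *table, :policy, COMMIT lines
            chains.setdefault(tok[1], []).append(tok[2:])
    return chains

def opt(rule, flag):
    """Value following `flag` in a tokenised rule, or None."""
    return rule[rule.index(flag) + 1] if flag in rule[:-1] else None

def reachable(rules):
    """Rules up to and including the first unconditional terminal rule."""
    for i, r in enumerate(rules):
        if opt(r, "-j") in TERMINAL and not MATCH_FLAGS & set(r):
            return rules[:i + 1]
    return rules

def is_ssh_accept(r):
    return (opt(r, "-p"), opt(r, "--dport"), opt(r, "-j")) == ("tcp", "22", "ACCEPT")

def is_established_accept(r):
    states = opt(r, "--state") or opt(r, "--ctstate") or ""  # state or conntrack match
    return opt(r, "-j") == "ACCEPT" and {"RELATED", "ESTABLISHED"} <= set(states.split(","))

def missing_failsafes(ruleset):
    """Failsafe rules from the issue that are absent or unreachable."""
    chains = parse_chains(ruleset)
    checks = [("INPUT", "ssh", is_ssh_accept), ("INPUT", "established", is_established_accept),
              ("FORWARD", "established", is_established_accept)]
    return [f"{chain}:{name}" for chain, name, pred in checks
            if not any(pred(r) for r in reachable(chains.get(chain, [])))]
```

Note that the first sample does contain the ssh rule, but after the catch-all REJECT, so it is reported as missing: rule order matters as much as rule presence.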