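/*

  firewall.json

  List of firewall rules for the firewall.pl CGI script.

  See http://www.randomnoun.com/wp/2013/02/25/firewalling-your-smtp-traffic/
  for a brief description of the syntax of this file.

  Note: the "config" block below stores the login for the device at
  "machine" in clear text, and the values shown are admin/admin. Replace
  them before use. Keep this file readable only by the account that runs
  firewall.pl, and outside any directory the web server serves. The
  "telnet-busybox" connection name suggests the login is sent over telnet,
  i.e. unencrypted, so the device's management interface should be
  reachable only from a trusted network segment.

*/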
{
  "syntax" : "firewall.pl-1.0",
  "revision" : "$Id: firewall.json,v 1.8 2013-02-25 21:45:45 knoxg Exp $",
  "config" : {
    "logfile" : "/var/log/firewall.log",
    "path" : "/usr/bin:/bin",
    "machine" : "192.168.0.1",
    "connection" : "telnet-busybox",
    "username" : "admin",
    "password" : "admin",
    "timeout" : "10",
    "rules" : [ 
      {
        "name" : "HTTP",
        "type" : "close",
        "image" : "pc2globe",
        "comment" : "HTTP traffic is considered to be any tcp traffic on port 80.",
        "iptable" : [
           { "target" : "DROP", "prot" : "tcp", "opt" : "--", "source" : "anywhere", "dest" : "anywhere", "spec" : "80", "specAsServiceName" : "www" }
         ]
      }, {
        "name" : "SMTP",
        "type" : "close",
        "image" : "pc2globe",
        "comment" : "SMTP traffic is considered to be any tcp or udp traffic on ports 25 (SMTP), 465 (SMTP over SSL; e.g. google mail), and 587 (SMTP over SSL; e.g. hotmail)",
        "iptable" : [
           { "target" : "DROP", "prot" : "udp", "opt" : "--", "source" : "anywhere", "dest" : "anywhere", "spec" : "587" },
           { "target" : "DROP", "prot" : "tcp", "opt" : "--", "source" : "anywhere", "dest" : "anywhere", "spec" : "587" },
           { "target" : "DROP", "prot" : "udp", "opt" : "--", "source" : "anywhere", "dest" : "anywhere", "spec" : "465" },
           { "target" : "DROP", "prot" : "tcp", "opt" : "--", "source" : "anywhere", "dest" : "anywhere", "spec" : "465" },
           { "target" : "DROP", "prot" : "udp", "opt" : "--", "source" : "anywhere", "dest" : "anywhere", "spec" : "25" },
           { "target" : "DROP", "prot" : "tcp", "opt" : "--", "source" : "anywhere", "dest" : "anywhere", "spec" : "25", "specAsServiceName" : "smtp" }
        ]
      }, {
        "name" : "FISHMONGER",
        "type" : "close",
        "image" : "pc2globe",
        "comment" : "test rule with no ipRules",
        "iptable" : [ ]
      } 
    ]
  }
}
