From 3cdebf3ebe73cb2859dc852dcc73a8ee2d60e976 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Tue, 20 Aug 2013 19:45:56 -0400
Subject: install a preliminary firewall that blocks everything, except ssh for
 the cases when shorewall doesn't properly come up, ensuring that it fails
 safe (#3339)

Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38
---
 puppet/modules/site_config/templates/ipv6firewall_up.rules.erb | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 puppet/modules/site_config/templates/ipv6firewall_up.rules.erb

(limited to 'puppet/modules/site_config/templates/ipv6firewall_up.rules.erb')

diff --git a/puppet/modules/site_config/templates/ipv6firewall_up.rules.erb b/puppet/modules/site_config/templates/ipv6firewall_up.rules.erb
new file mode 100644
index 00000000..e7fae52e
--- /dev/null
+++ b/puppet/modules/site_config/templates/ipv6firewall_up.rules.erb
@@ -0,0 +1,7 @@
+# Generated by ip6tables-save v1.4.20 on Tue Aug 20 12:19:43 2013
+*filter
+:INPUT DROP [24:1980]
+:FORWARD DROP [0:0]
+:OUTPUT DROP [14:8030]
+COMMIT
+# Completed on Tue Aug 20 12:19:43 2013
-- 
cgit v1.2.3