blob: 272e358e2dd5aaf33a7a27b021cb08d52ea55010 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
<!DOCTYPE kmyfirewall-ruleset>
<kmfgrs>
<netzone guiName="Incoming Connections" id="13" name="incoming_world" description="This is the global zone that contains
all valid IP addresses." >
<fromIP address="0.0.0.0" />
<netMask address="0" />
<protocol logging="no" limit="-1/" io="OUTGOING" id="19" name="HTTP" description="Protocol used to browse the WWW." >
<port protocol="TCP" num="80" />
</protocol>
<protocol logging="yes" limit="1/second" io="OUTGOING" id="20" name="SSH" description="Protocol used to enable a secure remote shell connection." >
<port protocol="TCP" num="22" />
</protocol>
</netzone>
<netzone guiName="Outgoing Connections" id="14" name="outgoing_world" description="This is the global zone that contains
all valid IP addresses." >
<fromIP address="0.0.0.0" />
<netMask address="0" />
</netzone>
<netzone guiName="Forbidden Clients" id="17" name="badClients_hosts" description="Hosts in this zone will not be able
to use services your computer provides." >
<fromIP address="0.0.0.0" />
<netMask address="0" />
</netzone>
<netzone guiName="Forbidden Servers" id="18" name="badServers_hosts" description="You will not be able to use the services
of the hosts in that list." >
<fromIP address="0.0.0.0" />
<netMask address="0" />
</netzone>
<netzone guiName="Malicious Hosts" id="16" name="malicious_hosts" description="Traffic coming from and going to hosts
will be dropped always." >
<fromIP address="0.0.0.0" />
<netMask address="0" />
</netzone>
<netzone guiName="Trusted Hosts" id="15" name="trusted_hosts" description="Traffic coming from and going to hosts
will be accepted always.
Only add really trusted Hosts to this Zone" >
<fromIP address="0.0.0.0" />
<netMask address="0" />
</netzone>
<abstract restrictOutgoingConnections="bool:off" allowIncomingConnections="bool:on" name="Webserver" description="This is an example for a webserver configuration. It does only enable incomming connections to port 80 (HTTP e.g. the port webservers usually bind) and 22 (SSH e.g. for remote administration)." />
<logging logPrefix="KMF: " logDropped="bool:on" limitLog="bool:on" />
<icmp limitPingReply="bool:on" allowPingReply="bool:on" />
<nat natAddress="0.0.0.0" useMasquerade="bool:off" useNat="bool:off" outgoingInterface="bool:off" />
</kmfgrs>
|