ansible/roles/router/files/ferm.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

# Firewall configuration for a router with a dynamic IP.
#
# Based on example by Max Kellermann <max@duempel.org>
# <http://ferm.foo-projects.org/download/examples/dsl_router.ferm>

# Interface towards the Internet.
@def $DEV_WORLD = eth0;

# Interfaces towards LAN.
@def $DEV_PRIVATE = (eth1 eth2 eth3);

# Address range for LAN.
@def $NET_PRIVATE = 10.0.0.0/16;

table filter {
    chain INPUT policy ACCEPT;
    chain OUTPUT policy ACCEPT;
    chain FORWARD policy ACCEPT;
}

table nat {
    chain POSTROUTING MASQUERADE;
}