5 files changed, 70 insertions, 0 deletions
diff --git a/policies/blocked-ips b/policies/blocked-ips
new file mode 100644
index 0000000..ceed910
--- /dev/null
+++ b/policies/blocked-ips
@@ -0,0 +1,15 @@
+115.47.3.229
+116.11.253.154
+118.129.166.149
+122.225.226.67
+125.46.15.194
+202.99.42.188
+218.145.128.230
+220.189.246.26
+222.68.199.238
+59.125.229.74
+60.217.229.222
+61.129.60.23
+70.85.215.42
+87.121.75.179
+88.220.70.24
diff --git a/policies/iptables-default b/policies/iptables-default
new file mode 100644
index 0000000..8f2377f
--- /dev/null
+++ b/policies/iptables-default
@@ -0,0 +1,17 @@
+#
+# iptables Firewall Policy
+# by Mike Crute (mcrute@gmail.com)
+# on September 19, 2009
+#
+ALLOW_PING=1
+TCP_ALLOW="22" # SSH
+#TCP_ALLOW=""
+#HOSTS_ALLOW=""
+#HOSTS_DENY=""
+#TCP_DENY=""
+#UDP_ALLOW="53"
+#UDP_DENY=""
+#RULES=""
diff --git a/policies/iptables-web b/policies/iptables-web
new file mode 100644
index 0000000..9dc9ca5
--- /dev/null
+++ b/policies/iptables-web
@@ -0,0 +1,19 @@
+#
+# iptables Firewall Policy
+# by Mike Crute (mcrute@gmail.com)
+# on September 19, 2009
+#
+ALLOW_PING=1
+TCP_ALLOW="22" # SSH
+TCP_ALLOW="${TCP_ALLOW} 80 443" # Web Ports
+TCP_ALLOW="${TCP_ALLOW} 20 21" # FTP Ports
+TCP_ALLOW="${TCP_ALLOW} 5870 5871" # Inbound tunnels 
+HOSTS_DENY=$(cat /etc/firewall/blocked-ips)
+#HOSTS_ALLOW=""
+#TCP_DENY=""
+#UDP_ALLOW="53"
+#UDP_DENY=""
+#RULES=""
diff --git a/policies/iptables-webrestricted b/policies/iptables-webrestricted
new file mode 100644
index 0000000..149cb82
--- /dev/null
+++ b/policies/iptables-webrestricted
@@ -0,0 +1,18 @@
+#
+# iptables Firewall Policy
+# by Mike Crute (mcrute@gmail.com)
+# on September 19, 2009
+#
+ALLOW_PING=1
+TCP_ALLOW="22" # SSH
+TCP_ALLOW="${TCP_ALLOW} 80" # Web Ports
+TCP_ALLOW="${TCP_ALLOW} 20 21" # FTP Ports
+#HOSTS_ALLOW=""
+#HOSTS_DENY=""
+#TCP_DENY=""
+#UDP_ALLOW="53"
+#UDP_DENY=""
+#RULES=""
diff --git a/policies/profile b/policies/profile
new file mode 100644
index 0000000..c077218
--- /dev/null
+++ b/policies/profile
@@ -0,0 +1 @@
+web

diff --git a/policies/blocked-ips b/policies/blocked-ips new file mode 100644 index 0000000..ceed910 --- /dev/null +++ b/policies/blocked-ips
@@ -0,0 +1,15 @@
	1	115.47.3.229
	2	116.11.253.154
	3	118.129.166.149
	4	122.225.226.67
	5	125.46.15.194
	6	202.99.42.188
	7	218.145.128.230
	8	220.189.246.26
	9	222.68.199.238
	10	59.125.229.74
	11	60.217.229.222
	12	61.129.60.23
	13	70.85.215.42
	14	87.121.75.179
	15	88.220.70.24


diff --git a/policies/iptables-default b/policies/iptables-default new file mode 100644 index 0000000..8f2377f --- /dev/null +++ b/policies/iptables-default
@@ -0,0 +1,17 @@
	1	#
	2	# iptables Firewall Policy
	3	# by Mike Crute (mcrute@gmail.com)
	4	# on September 19, 2009
	5	#
	6
	7	ALLOW_PING=1
	8
	9	TCP_ALLOW="22" # SSH
	10
	11	#TCP_ALLOW=""
	12	#HOSTS_ALLOW=""
	13	#HOSTS_DENY=""
	14	#TCP_DENY=""
	15	#UDP_ALLOW="53"
	16	#UDP_DENY=""
	17	#RULES=""


diff --git a/policies/iptables-web b/policies/iptables-web new file mode 100644 index 0000000..9dc9ca5 --- /dev/null +++ b/policies/iptables-web
@@ -0,0 +1,19 @@
	1	#
	2	# iptables Firewall Policy
	3	# by Mike Crute (mcrute@gmail.com)
	4	# on September 19, 2009
	5	#
	6
	7	ALLOW_PING=1
	8
	9	TCP_ALLOW="22" # SSH
	10	TCP_ALLOW="${TCP_ALLOW} 80 443" # Web Ports
	11	TCP_ALLOW="${TCP_ALLOW} 20 21" # FTP Ports
	12	TCP_ALLOW="${TCP_ALLOW} 5870 5871" # Inbound tunnels
	13	HOSTS_DENY=$(cat /etc/firewall/blocked-ips)
	14
	15	#HOSTS_ALLOW=""
	16	#TCP_DENY=""
	17	#UDP_ALLOW="53"
	18	#UDP_DENY=""
	19	#RULES=""


diff --git a/policies/iptables-webrestricted b/policies/iptables-webrestricted new file mode 100644 index 0000000..149cb82 --- /dev/null +++ b/policies/iptables-webrestricted
@@ -0,0 +1,18 @@
	1	#
	2	# iptables Firewall Policy
	3	# by Mike Crute (mcrute@gmail.com)
	4	# on September 19, 2009
	5	#
	6
	7	ALLOW_PING=1
	8
	9	TCP_ALLOW="22" # SSH
	10	TCP_ALLOW="${TCP_ALLOW} 80" # Web Ports
	11	TCP_ALLOW="${TCP_ALLOW} 20 21" # FTP Ports
	12
	13	#HOSTS_ALLOW=""
	14	#HOSTS_DENY=""
	15	#TCP_DENY=""
	16	#UDP_ALLOW="53"
	17	#UDP_DENY=""
	18	#RULES=""


diff --git a/policies/profile b/policies/profile new file mode 100644 index 0000000..c077218 --- /dev/null +++ b/policies/profile
@@ -0,0 +1 @@
		web