From ab7979ce01754a5aa06dd75c1cbc4d9ae19e77aa Mon Sep 17 00:00:00 2001
From: staticsafe
Date: Wed, 21 Aug 2019 22:46:44 -0400
Subject: [PATCH] add firewall rulesets for grevane.asininetech.net.
---
.../files/grevane.asininetech.net.rules.v4 | 11 ++++++++++
.../files/grevane.asininetech.net.rules.v6 | 20 +++++++++++++++++++
2 files changed, 31 insertions(+)
create mode 100644 ubuntu/roles/firewall-ruleset-deploy/files/grevane.asininetech.net.rules.v4
create mode 100644 ubuntu/roles/firewall-ruleset-deploy/files/grevane.asininetech.net.rules.v6
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/grevane.asininetech.net.rules.v4 b/ubuntu/roles/firewall-ruleset-deploy/files/grevane.asininetech.net.rules.v4
new file mode 100644
index 0000000..bd53da9
--- /dev/null
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/grevane.asininetech.net.rules.v4
@@ -0,0 +1,11 @@
+*filter
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp --icmp-type ping -j ACCEPT
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
+-A INPUT -p tcp --dport 5665 -j ACCEPT
+COMMIT
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/grevane.asininetech.net.rules.v6 b/ubuntu/roles/firewall-ruleset-deploy/files/grevane.asininetech.net.rules.v6
new file mode 100644
index 0000000..38132b6
--- /dev/null
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/grevane.asininetech.net.rules.v6
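Review bot: The `--dport 5665` rule in the .rules.v4 hunk accepts connections from any source address, and the .rules.v6 file carries the same rule. If 5665 is the monitoring agent port, as the number suggests, only the monitoring master needs to reach it, so the rule could be narrowed with a source match such as `-A INPUT -p tcp -s <MONITORING_MASTER_ADDR> --dport 5665 -j ACCEPT` (placeholder address). The same question applies to the port 22 rule if SSH is only administered from known networks. A `#` comment line above each ACCEPT saying which service the port belongs to would make later audits of this ruleset easier.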
@@ -0,0 +1,20 @@
+*filter
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT ACCEPT
+:icmp_in -
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp -m multiport --dport 80,443 -j ACCEPT
+-A INPUT -p tcp --dport 5665 -j ACCEPT
+-A INPUT -p ipv6-icmp -j icmp_in
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
+COMMIT
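Review bot: The multiport rule in the v6 file is spelled `--dport 80,443`, while the v4 file uses `--dports 80,443`. With `-m multiport` the documented option is `--dports`; the singular form presumably parses only as an abbreviation of it, and a line that fails to parse would make ip6tables-restore reject the file. I would write `-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT` so both address families use the same spelling. The icmp_in chain would also read better with a `#` comment line naming the numeric types (128 echo request, 134 to 136 router and neighbour discovery, 1 to 4 error messages).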