From e86367ed83dfa84a3c40ad3538be877252d6646a Mon Sep 17 00:00:00 2001
From: staticsafe
Date: Wed, 21 Aug 2019 23:18:06 -0400
Subject: [PATCH] add firewall rulesets for demonreach.asininetech.net.
---
.../files/demonreach.asininetech.net.rules.v4 | 16 ++++++++++++++
.../files/demonreach.asininetech.net.rules.v6 | 21 +++++++++++++++++++
2 files changed, 37 insertions(+)
create mode 100644 ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v4
create mode 100644 ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v6
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v4 b/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v4
new file mode 100644
index 0000000..6b50eff
--- /dev/null
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v4
@@ -0,0 +1,16 @@
+*filter
+:INPUT DROP
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+:POSTROUTING ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp --icmp-type ping -j ACCEPT
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport 5665 -j ACCEPT
+-A INPUT -p tcp --dport 9001 -j ACCEPT
+-A INPUT -p tcp -m multiport --dports 5269,5222 -j ACCEPT
+-A INPUT -p udp --dport 1194 -j ACCEPT
+-A INPUT -p udp --dport 53 -s 10.8.0.1/24 -j ACCEPT
+-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
+COMMIT
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v6 b/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v6
new file mode 100644
index 0000000..716515e
--- /dev/null
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v6
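Review bot: `:POSTROUTING ACCEPT` and the `-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE` rule are placed inside the `*filter` table, where POSTROUTING is not a built-in chain and MASQUERADE is not a valid target, so iptables-restore should reject the file and none of it — including the `:INPUT DROP` policy — gets applied, leaving the host with whatever rules it had before. The NAT rule belongs in its own `*nat` section with its own `COMMIT`, as sketched below. Once the file loads, `:FORWARD ACCEPT` (also present in the v6 ruleset) forwards traffic between any pair of interfaces unconditionally; if this host is only meant to route the 10.8.0.0/24 VPN subnet out of eth0, a FORWARD DROP policy with an explicit VPN-interface-to-eth0 rule plus a conntrack ESTABLISHED,RELATED return rule would be tighter. Minor: the DNS rule matches `-s 10.8.0.1/24`, which iptables normalises to 10.8.0.0/24 anyway — writing it as `-s 10.8.0.0/24` makes it visibly the same network as the MASQUERADE source.
```iptables
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP
:FORWARD ACCEPT
:OUTPUT ACCEPT
# … unchanged: INPUT rules …
COMMIT
```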
@@ -0,0 +1,21 @@
+*filter
+:INPUT DROP
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+:icmp_in -
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport 5665 -j ACCEPT
+-A INPUT -p tcp --dport 9001 -j ACCEPT
+-A INPUT -p tcp -m multiport --dports 5269,5222 -j ACCEPT
+-A INPUT -p ipv6-icmp -j icmp_in
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
+COMMIT
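Review bot: The `icmp_in` chain admits router/neighbor discovery (134–136) and the error types 1–4 but no MLD messages (types 130–132 and 143), so under the `:INPUT DROP` policy the host never sees MLD queries; on a segment where switches do MLD snooping that can cause the host's solicited-node multicast membership to time out and neighbor discovery toward it to fail, which is why RFC 4890 lists these among the ICMPv6 messages a host-side filter should not drop. Adding them is four one-line rules, shown below. The numeric types are otherwise undocumented; since iptables-restore skips `#` lines, a comment per rule such as `# 128 echo-request`, `# 134-136 router-advertisement, neighbor-solicitation, neighbor-advertisement` and `# 1-4 destination-unreachable, packet-too-big, time-exceeded, parameter-problem` would make the chain reviewable without a lookup table. Unmatched ICMPv6 falls out of `icmp_in` back to INPUT's DROP policy, which is presumably intended; a `# anything else falls through to the INPUT DROP policy` comment at the end of the chain would record that. The v6 file also has no counterpart to the v4 UDP 1194 and DNS rules, which is fine if the VPN is IPv4-only but worth a one-line comment so it is not mistaken for an omission.
```iptables
-A INPUT -p ipv6-icmp -j icmp_in
# … unchanged: echo-request, RA/NS/NA and error-type rules …
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 143 -j ACCEPT
COMMIT
```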