git.lirion.de

Of git, get, and gud

aboutsummaryrefslogtreecommitdiffstats
path: root/localfs/etc/firewalld/zones
diff options
context:
space:
mode:
Diffstat (limited to 'localfs/etc/firewalld/zones')
-rw-r--r--localfs/etc/firewalld/zones/FedoraWorkstation.xml16
-rw-r--r--localfs/etc/firewalld/zones/FedoraWorkstation.xml.old15
-rw-r--r--localfs/etc/firewalld/zones/home.xml5
-rw-r--r--localfs/etc/firewalld/zones/home.xml.old6
-rw-r--r--localfs/etc/firewalld/zones/internal.xml5
-rw-r--r--localfs/etc/firewalld/zones/internal.xml.old6
-rw-r--r--localfs/etc/firewalld/zones/kvm.xml7
-rw-r--r--localfs/etc/firewalld/zones/kvm.xml.old8
-rw-r--r--localfs/etc/firewalld/zones/lokalhorst.xml8
-rw-r--r--localfs/etc/firewalld/zones/lokalhorst.xml.old9
10 files changed, 85 insertions, 0 deletions
diff --git a/localfs/etc/firewalld/zones/FedoraWorkstation.xml b/localfs/etc/firewalld/zones/FedoraWorkstation.xml
new file mode 100644
index 0000000..a39d7e8
--- /dev/null
+++ b/localfs/etc/firewalld/zones/FedoraWorkstation.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+ <short>Fedora Workstation</short>
+ <description>Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
+ <service name="dhcpv6-client"/>
+ <service name="ssh"/>
+ <service name="samba-client"/>
+ <service name="samba"/>
+ <service name="kerberos"/>
+ <service name="http"/>
+ <service name="https"/>
+ <service name="nfs"/>
+ <service name="rpc-bind"/>
+ <port port="1025-65535" protocol="udp"/>
+ <port port="1025-65535" protocol="tcp"/>
+</zone>
diff --git a/localfs/etc/firewalld/zones/FedoraWorkstation.xml.old b/localfs/etc/firewalld/zones/FedoraWorkstation.xml.old
new file mode 100644
index 0000000..5d04d82
--- /dev/null
+++ b/localfs/etc/firewalld/zones/FedoraWorkstation.xml.old
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+ <short>Fedora Workstation</short>
+ <description>Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
+ <service name="dhcpv6-client"/>
+ <service name="ssh"/>
+ <service name="samba-client"/>
+ <service name="samba"/>
+ <service name="kerberos"/>
+ <service name="http"/>
+ <service name="https"/>
+ <service name="nfs"/>
+ <port port="1025-65535" protocol="udp"/>
+ <port port="1025-65535" protocol="tcp"/>
+</zone>
diff --git a/localfs/etc/firewalld/zones/home.xml b/localfs/etc/firewalld/zones/home.xml
new file mode 100644
index 0000000..f913db4
--- /dev/null
+++ b/localfs/etc/firewalld/zones/home.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="default">
+ <short>Home</short>
+ <description>For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
+</zone>
diff --git a/localfs/etc/firewalld/zones/home.xml.old b/localfs/etc/firewalld/zones/home.xml.old
new file mode 100644
index 0000000..d5e38d3
--- /dev/null
+++ b/localfs/etc/firewalld/zones/home.xml.old
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="default">
+ <short>Home</short>
+ <description>For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
+ <service name="dns"/>
+</zone>
diff --git a/localfs/etc/firewalld/zones/internal.xml b/localfs/etc/firewalld/zones/internal.xml
new file mode 100644
index 0000000..2dff2d4
--- /dev/null
+++ b/localfs/etc/firewalld/zones/internal.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="default">
+ <short>Internal</short>
+ <description>For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.</description>
+</zone>
diff --git a/localfs/etc/firewalld/zones/internal.xml.old b/localfs/etc/firewalld/zones/internal.xml.old
new file mode 100644
index 0000000..f9f3d37
--- /dev/null
+++ b/localfs/etc/firewalld/zones/internal.xml.old
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="default">
+ <short>Internal</short>
+ <description>For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.</description>
+ <service name="dns"/>
+</zone>
diff --git a/localfs/etc/firewalld/zones/kvm.xml b/localfs/etc/firewalld/zones/kvm.xml
new file mode 100644
index 0000000..f21de55
--- /dev/null
+++ b/localfs/etc/firewalld/zones/kvm.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="ACCEPT">
+ <short>KVM</short>
+ <description>LOREM IPSUM HODOR</description>
+ <source address="10.16.25.0/24"/>
+ <source address="172.16.25.0/24"/>
+</zone>
diff --git a/localfs/etc/firewalld/zones/kvm.xml.old b/localfs/etc/firewalld/zones/kvm.xml.old
new file mode 100644
index 0000000..31c90e3
--- /dev/null
+++ b/localfs/etc/firewalld/zones/kvm.xml.old
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="ACCEPT">
+ <short>KVM</short>
+ <description>LOREM IPSUM HODOR</description>
+ <source address="10.16.25.0/24"/>
+ <source address="172.16.25.0/24"/>
+ <service name="libvirt"/>
+</zone>
diff --git a/localfs/etc/firewalld/zones/lokalhorst.xml b/localfs/etc/firewalld/zones/lokalhorst.xml
new file mode 100644
index 0000000..d52a74c
--- /dev/null
+++ b/localfs/etc/firewalld/zones/lokalhorst.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="default">
+ <short>lokalhorst</short>
+ <description>Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
+ <service name="nfs"/>
+ <port port="1025-65535" protocol="udp"/>
+ <port port="1025-65535" protocol="tcp"/>
+</zone>
diff --git a/localfs/etc/firewalld/zones/lokalhorst.xml.old b/localfs/etc/firewalld/zones/lokalhorst.xml.old
new file mode 100644
index 0000000..f948687
--- /dev/null
+++ b/localfs/etc/firewalld/zones/lokalhorst.xml.old
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="default">
+ <short>lokalhorst</short>
+ <description>Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
+ <service name="nfs"/>
+ <service name="rpc-bind"/>
+ <port port="1025-65535" protocol="udp"/>
+ <port port="1025-65535" protocol="tcp"/>
+</zone>