#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
######################################################################################################################################################################################################
#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME		HEADERS		SWITCH		HELPER
#							PORT	PORT(S)		DEST		LIMIT		GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW

Invalid(DROP)   int             $FW             tcp

Ping(ACCEPT)    int             $FW
SSH(ACCEPT)     int             $FW

Ping(ACCEPT)    ip4:34.128.0.0/10             $FW
SSH(ACCEPT)     ip4:34.128.0.0/10             $FW

Ping(ACCEPT)	ip4:23.181.112.0/24	      $FW:23.181.112.7
ACCEPT		ip4:23.181.112.0/24	      $FW:23.181.112.7	tcp	4242
SSH(ACCEPT)	ip4:23.181.112.0/24	      $FW:23.181.112.7

ACCEPT		drt:45.79.97.20		      $FW		tcp	4242
ACCEPT		drt		      $FW		tcp	4242

Ping(ACCEPT)    drt             $FW
SSH(ACCEPT)     drt             $FW

ACCEPT		drt		$FW		udp	9091
ACCEPT		drt		$FW		tcp	9091

#Ping(ACCEPT)    ixp:$IXP_NET    $FW
#SSH(ACCEPT)	ixp:$IXP_NET	$FW
#ACCEPT          ixp:$IXP_NET    $FW

#ACCEPT          ixp:206.81.80.184             ixp:$IXP_NET
#ACCEPT          ixp:$IXP_NET		       ixp:206.81.80.184

# SIX subnets should only be reachable by this router, so anything to be forwarded should be dropped:
#DROP:WARNING    any             ixp:$IXP_NET