# Firewall config for a sample interface.  Copy this script to a file named
# firewall-ifname-init (where ifname is something like "eth0" or "eth1:1")
# and customize it to include any additional non-default rules you'd like.
#
# This particular sample adds a few "accept" rules for TCP connections to
# well-known ports.  Note how each rule appends to the existing rules.
# If you don't append, you'll wipe out the rules that came before.

## ICMP rules

# If you wish to clear any default rules, include this line;
# otherwise you can just add on to the default rules as shown below
#ICMP_ACCEPT=""


## TCP rules 

# If you wish to clear any default rules, include this line; 
# otherwise you can just add on to the default rules as shown below
#TCP_ACCEPT=""

# Each assignment below appends one entry to whatever TCP_ACCEPT already
# holds, so the default rules are kept.  Entries are separated by spaces and
# each has three fields joined by "|".  From the values used here the fields
# look like source-network|source-port-range|destination-service -- confirm
# against the firewall script that reads this file.

# Allow SSH access
# NOTE(review): 0/0 matches every source address, so this rule exposes the SSH
# port on this interface to any host that can route to it.  If administration
# only happens from known networks, use that network's CIDR in place of 0/0,
# the way the PostgreSQL rule below does.
TCP_ACCEPT="$TCP_ACCEPT 0/0|0:65535|ssh"

# Allow Web access ("www" and "https") from any source address
TCP_ACCEPT="$TCP_ACCEPT 0/0|0:65535|www"
TCP_ACCEPT="$TCP_ACCEPT 0/0|0:65535|https"

# Allow PostgreSQL access from trusted hosts
# NOTE(review): 172.31.0.0/17 spans 172.31.0.0-172.31.127.255 (32768
# addresses).  Narrow it to the hosts that actually need port 5432, and keep
# PostgreSQL's own client authentication enabled: a source-address filter
# limits who can connect, it does not authenticate them.
TCP_ACCEPT="$TCP_ACCEPT 172.31.0.0/17|0:65535|5432"


## UDP rules 

# If you wish to clear any default rules, include this line;
# otherwise you can just add on to the default rules as shown below
#UDP_ACCEPT=""

