[DEFAULT] target = ACCEPT addr = ports = 80, 443 proto = tcp state = NEW hitcount = do_ipv6 = false firewalld_direct_file_abs = /etc/firewalld/direct.xml restart_firewalld_after_change = true [anyone-may-icmp-with-limit] addr = ports = proto = icmp state = NEW,UNTRACKED hitcount = 120/60 [anyone-can-access-website] # Unsetting 'proto' while having a 'ports' value results in an invalid section # [these-guys-can-dns] # addr = google.li, 142.251.36.195, lowendbox.com, 2606:4700:20::ac43:4775 # ports = 53 # proto = # do_ipv6 = true [maybe-a-webserver] addr = 2606:4700:20::681a:804, lowendtalk.com ports = 80, 443 do_ipv6 = true [anyone-may-access-mail-services] ports = 143, 993, 110, 995, 25, 465, 587 hitcount = 120/60 [deny-all] target = DROP addr = ports = proto = state = do_ipv6 = true