david415 · January 5, 2014 22:19
diff --git a/gistfile1.txt b/gistfile1.txt
 # /etc/default/ufw
 #

 # Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
 # accepted). You will need to 'disable' and then 'enable' the firewall for
 # the changes to take affect.
 IPV6=yes

 # Set the default input policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
 # ACCEPT enables connection tracking for NEW inbound packets on the INPUT
 # chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
 # that if you change this you will most likely want to adjust your rules.
 DEFAULT_INPUT_POLICY="DROP"

 # Set the default output policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
 # ACCEPT enables connection tracking for NEW outbound packets on the OUTPUT
 # chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
 # that if you change this you will most likely want to adjust your rules.
 DEFAULT_OUTPUT_POLICY="REJECT"

 # Set the default forward policy to ACCEPT, DROP or REJECT.  Please note that
 # if you change this you will most likely want to adjust your rules
 DEFAULT_FORWARD_POLICY="DROP"

 # Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
 # note that setting this to ACCEPT may be a security risk. See 'man ufw' for
 # details
 DEFAULT_APPLICATION_POLICY="SKIP"

 # By default, ufw only touches its own chains. Set this to 'yes' to have ufw
 # manage the built-in chains too. Warning: setting this to 'yes' will break
 # non-ufw managed firewall rules
 MANAGE_BUILTINS=no

 #
 # IPT backend
 #
 # only enable if using iptables backend
 IPT_SYSCTL=/etc/ufw/sysctl.conf

 # Extra connection tracking modules to load. Complete list can be found in
 # net/netfilter/Kconfig of your kernel source. Some common modules:
 # nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support
 # nf_conntrack_netbios_ns: NetBIOS (samba) client support
 # nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
 # nf_conntrack_ftp, nf_nat_ftp: active FTP support
 # nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
 IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
	# /etc/default/ufw
	#

	# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
	# accepted). You will need to 'disable' and then 'enable' the firewall for
	# the changes to take affect.
	IPV6=yes

	# Set the default input policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
	# ACCEPT enables connection tracking for NEW inbound packets on the INPUT
	# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
	# that if you change this you will most likely want to adjust your rules.
	DEFAULT_INPUT_POLICY="DROP"

	# Set the default output policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
	# ACCEPT enables connection tracking for NEW outbound packets on the OUTPUT
	# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
	# that if you change this you will most likely want to adjust your rules.
	DEFAULT_OUTPUT_POLICY="REJECT"

	# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
	# if you change this you will most likely want to adjust your rules
	DEFAULT_FORWARD_POLICY="DROP"

	# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
	# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
	# details
	DEFAULT_APPLICATION_POLICY="SKIP"

	# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
	# manage the built-in chains too. Warning: setting this to 'yes' will break
	# non-ufw managed firewall rules
	MANAGE_BUILTINS=no

	#
	# IPT backend
	#
	# only enable if using iptables backend
	IPT_SYSCTL=/etc/ufw/sysctl.conf

	# Extra connection tracking modules to load. Complete list can be found in
	# net/netfilter/Kconfig of your kernel source. Some common modules:
	# nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support
	# nf_conntrack_netbios_ns: NetBIOS (samba) client support
	# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
	# nf_conntrack_ftp, nf_nat_ftp: active FTP support
	# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
	IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"