Diffstat (limited to 'templates')
-rw-r--r--templates/02_workstation_template.tkmfgrs43
-rw-r--r--templates/02_workstation_template.tkmfrs401
-rw-r--r--templates/03_nat_router_template.tkmfgrs39
-rw-r--r--templates/03_nat_router_template.tkmfrs70
-rw-r--r--templates/04_web_server_template.tkmfgrs45
-rw-r--r--templates/04_web_server_template.tkmfrs357
-rw-r--r--templates/Makefile.am9
7 files changed, 964 insertions, 0 deletions
diff --git a/templates/02_workstation_template.tkmfgrs b/templates/02_workstation_template.tkmfgrs
new file mode 100644
index 0000000..7702051
--- /dev/null
+++ b/templates/02_workstation_template.tkmfgrs
@@ -0,0 +1,43 @@
+<!DOCTYPE kmyfirewall-ruleset>
+<kmfgrs>
+<netzone guiName="Incoming Connections" id="13" name="incoming_world" description="This is the global zone that contains
+all valid IP addresses." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+<protocol logging="yes" limit="1/second" io="OUTGOING" id="19" name="SSH" description="Protocol used to enable a secure remote shell connection." >
+ <port protocol="TCP" num="22" />
+</protocol>
+</netzone>
+<netzone guiName="Outgoing Connections" id="14" name="outgoing_world" description="This is the global zone that contains
+all valid IP addresses." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Forbidden Clients" id="17" name="badClients_hosts" description="Hosts in this zone will not be able
+to use services your computer provides." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Forbidden Servers" id="18" name="badServers_hosts" description="You will not be able to use the services
+of the hosts in that list." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Malicious Hosts" id="16" name="malicious_hosts" description="Traffic coming from and going to hosts
+will be dropped always." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Trusted Hosts" id="15" name="trusted_hosts" description="Traffic coming from and going to hosts
+will be accepted always.
+Only add really trusted Hosts to this Zone" >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+ <abstract restrictOutgoingConnections="bool:off" allowIncomingConnections="bool:on" name="Workstation Template" description="Simple configuration for an typical workstation environment.
+Just allow ssh connections from other hosts." />
+ <logging logPrefix="KMF: " logDropped="bool:on" limitLog="bool:on" />
+ <icmp limitPingReply="bool:on" allowPingReply="bool:on" />
+ <nat natAddress="0.0.0.0" useMasquerade="bool:off" useNat="bool:off" outgoingInterface="bool:off" />
+</kmfgrs>
+
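Review bot: `outgoingInterface="bool:off"` on the `<nat>` element is a type mismatch: the same attribute carries a device name (`outgoingInterface="eth0"`) in 03_nat_router_template.tkmfgrs in this commit, so a boolean token is stored where an interface name belongs. It is presumably ignored while `useNat` and `useMasquerade` are both off, but a generator that reads it unconditionally would emit a bogus interface; the empty value the .tkmfrs files use for unset fields (`<initPath name="" />`) would be the less surprising choice if the loader accepts it. Separately, the `<!DOCTYPE kmyfirewall-ruleset>` line is only a format marker, but it does give the loader a DTD hook, so it is worth confirming that the XML reader these templates pass through has external-entity and DTD resolution disabled.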
diff --git a/templates/02_workstation_template.tkmfrs b/templates/02_workstation_template.tkmfrs
new file mode 100644
index 0000000..e629dca
--- /dev/null
+++ b/templates/02_workstation_template.tkmfrs
@@ -0,0 +1,401 @@
+<!DOCTYPE kmyfirewall-ruleset>
+<kmfnet maxVersion="~" minVersion="1.1.0" version="1.1.0" interface="iptables" uuid="{41b36b2b-68e2-4545-b34d-3cf3609c204f}" >
+<netzone guiName="Gloabl Network" readonly="bool:on" uuid="{3349418e-3923-4f3c-933c-b1bd91a2c84a}" name="mynetwork" description="This is the global zone that contains all valid IP addresses." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+<target sshPort="22" address="127.0.0.1" guiName="My Local Computer" readonly="bool:on" uuid="{42bc1c1f-996f-4f60-a6e3-3e43cd6f0167}" name="localhost" description="Local copmuter running KMyFirewall" >
+<targetconfig uuid="{c3d33a7a-5ba9-45cc-8f34-1617b773e08f}" name="Untitled" description="No Description Available" >
+ <os name="linux" />
+ <backend name="iptables" />
+ <distribution name="" />
+ <initPath name="" />
+ <IPTPath name="" />
+ <modprobePath name="" />
+ <rcDefaultPath name="" />
+</targetconfig>
+ <kmfrs maxVersion="~" minVersion="1.0.0" version="1.1.0" uuid="{8af7181a-bf52-47e3-a00e-2204f8cff57c}" >
+ <abstract use_nat="no" use_filter="yes" use_syn_cookies="yes" use_ipfwd="yes" use_martians="yes" use_modules="yes" use_rp_filter="yes" name="Workstation Template" use_mangle="no" description="This is a template configuration for a typical workstation that does not do any routing.
+Use this as a startingpoint for your firewall setup." />
+<table uuid="{24e22827-5d99-49a3-8767-b9cf25371f7c}" name="filter" description="This table is the main table for filtering
+packets. Here you may define your
+access control rules" >
+<chain default_target="DROP" builtin="yes" uuid="{414166ad-b58e-41e8-8a8f-a9962e769bd1}" name="INPUT" description="In this chain you can filter packets that
+are addressed directly to this computer." >
+<rule num="0" logging="no" target="ICMP_FILTER" custom_rule="no" uuid="{ac00d50c-60b1-4596-9fe6-be5843be3cf4}" name="FWD_ICMP_FILTER" enabled="yes" description="Forward to the chain that handles ICPM packets
+to avoid crap like source-quench etc." />
+<rule num="1" logging="no" target="ANTISPOOF" custom_rule="no" uuid="{214725fa-4179-46e4-800d-5914741921e9}" name="FWD_ANTISPOOF" enabled="yes" description="Forward packets to the ANTISPOOF chain
+which performes some sainity checks for
+the packets to avoid spoofing." />
+<rule num="2" logging="no" target="TCP_CHECKS" custom_rule="no" uuid="{af2b8ac5-3f43-4679-b189-9f031921b7a7}" name="FWD_TCP_CHECKS" enabled="yes" description="Forward to chian TCP_CHECKS which
+filters invalid TCP flag combinations." >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{b5626a02-1808-444a-9e61-e6484318cb8c}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="3" logging="no" target="SERVICES" custom_rule="no" uuid="{f334a3b2-7f69-48d6-8594-54e2a5c4ef60}" name="FWD_SERVICES" enabled="yes" description="This rule forwards all packetst to the SERVICES chain.
+This chain is ment to be used for rules that allow
+access to this host e.g. http if you are running a web
+server." />
+<rule num="4" logging="no" target="ACCEPT" custom_rule="no" uuid="{bece6068-58e4-4cef-83b4-9513d574d471}" name="CONNTRACK" enabled="yes" description="This rule handles the connecktion tracking.
+It simply lets everything in that is a response
+to a network request you made." >
+<ruleoption targetoption="no" type="state_opt" uuid="{0210e1d2-769e-4495-8089-781d20ca2c3a}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="RELATED,ESTABLISHED" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="5" logging="no" target="ACCEPT" custom_rule="no" uuid="{4dc5f9cf-d19b-4030-998d-166ada82d814}" name="LOOPBACK" enabled="yes" description="Allow packets send from the loopback interface" >
+<ruleoption targetoption="no" type="interface_opt" uuid="{d53aa556-afd8-4906-867a-943747470965}" >
+ <ruleoptionvalue value0="lo" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="6" logging="no" target="VPNs" custom_rule="no" uuid="{8508ed2b-7afd-426c-b959-c61583f5ee6c}" name="FWD_VPN" enabled="yes" description="Forward rule for packets coming from a VPN network 192.168.2.0/24" >
+<ruleoption targetoption="no" type="ip_opt" uuid="{40e4dd9e-cf4e-444a-8b26-1b4fd8f137a8}" >
+ <ruleoptionvalue value0="192.168.2.1/24" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain default_target="ACCEPT" builtin="yes" uuid="{e97ee9d7-871f-49f0-b2a0-1912292a2071}" name="OUTPUT" description="In this chain you can decide which
+packets are allowed to be sent away
+from this computer." />
+<chain default_target="DROP" builtin="yes" uuid="{f437654c-62e4-4fee-b129-99ee59755394}" name="FORWARD" description="In this chain you can filter the packets
+that are routed to other hosts by this
+computer." />
+<chain builtin="no" uuid="{a0f476e7-9540-4260-9f61-de89d033fd3e}" name="ANTISPOOF" description="Packet spoof protection is done in
+this chain." >
+<rule num="0" logging="no" target="DROP" custom_rule="no" uuid="{b1e735e2-1b31-4b74-9c14-8613abf8b29c}" name="loopback_spoof" enabled="yes" description="Check if packets are really from the loaclhost." >
+<ruleoption targetoption="no" type="interface_opt" uuid="{774afbfa-c082-4084-878f-69bd9d193104}" >
+ <ruleoptionvalue value0="! lo" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+<ruleoption targetoption="no" type="ip_opt" uuid="{0ff372ce-3e46-499c-9512-0dae87cb2df8}" >
+ <ruleoptionvalue value0="127.0.0.0/8" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain builtin="no" uuid="{49b1df3f-fb0e-4745-9547-612e350101af}" name="SERVICES" description="This rule allows other computer to connect to us on udp port 53" >
+<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{b5812bdf-cb51-456d-882a-bf7d82f8e13b}" name="Exapmle_DNS" enabled="no" description="This rule allows other computer to connect to us on udp port 53" >
+<ruleoption targetoption="no" type="udp_opt" uuid="{a4b99995-a68d-4163-a931-c8904a138140}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="1024:65535" />
+ <ruleoptionvalue value2="53" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="1" logging="no" target="ACCEPT" custom_rule="no" uuid="{11af5582-60d6-43d5-81b5-18bba8edb31f}" name="Example_SSH" enabled="yes" description="Example rule that allows other to connect
+to your couputer using ssh e.g. tcp port 22" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{22b2c038-2be6-4997-9430-2340f29ba766}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="1024:65535" />
+ <ruleoptionvalue value2="22" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain builtin="no" uuid="{28e8c0e7-84b9-431b-a636-c18777af661b}" name="ICMP_FILTER" description="Here some ICMP packet types are
+filtered to avoid denial of service attacks." >
+<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{5740f895-e5b8-4b6c-ae75-a07df328b8a0}" name="ping" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="icmp_opt" uuid="{9cf0dfd0-9523-49a0-b7dc-f78b9c759dc2}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="echo-request" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="1" logging="no" target="ACCEPT" custom_rule="no" uuid="{f753a6a0-b7c3-47cd-b08a-ebac149220a8}" name="ping_reply" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="icmp_opt" uuid="{3a184346-683e-4535-99d2-ffe14f034984}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="echo-reply" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="2" logging="no" target="ACCEPT" custom_rule="no" uuid="{9aee9939-1a7b-4f71-a500-635f2ce6793d}" name="host_unreachable" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="icmp_opt" uuid="{fdb12c22-e453-4fbb-aafb-c3cc32c919e2}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="host-unreachable" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="3" logging="no" target="ACCEPT" custom_rule="no" uuid="{fda4fddc-efe8-4bd1-89a0-1e7e2080348d}" name="network_unreachable" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="icmp_opt" uuid="{6768d063-835c-40a2-992d-46d87f7b906a}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="network-unreachable" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain builtin="no" uuid="{a47513dd-a3be-486d-a918-dc0dc01e6bcd}" name="TCP_CHECKS" description="No Description Available" >
+<rule num="0" logging="no" target="DROP" custom_rule="no" uuid="{53f9ce17-a8c8-4dc4-acb9-ea24977883e7}" name="tcp_flags1" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{381457e1-6e7c-422b-b73f-c879865e8bb2}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="ALL NONE" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="1" logging="no" target="DROP" custom_rule="no" uuid="{b5a11f5c-d6cf-400b-bc98-ef42bc7656d9}" name="tcp_flags2" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{4bb35820-e3ac-44be-a9fb-cfc7f1d41e22}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="FIN,ACK FIN" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="2" logging="no" target="DROP" custom_rule="no" uuid="{5751a6c7-5c75-4b20-8747-b10da300f38f}" name="tcp_flags3" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{76df0129-2788-4c66-8124-c96801337df3}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="ACK,PSH PSH" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="3" logging="no" target="DROP" custom_rule="no" uuid="{3f49954b-6a2a-4298-81c6-c54cd2c5c17d}" name="tcp_flags4" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{f51ebe7f-aa2b-452a-9350-66192ba7d322}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="ACK,URG URG" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="4" logging="no" target="DROP" custom_rule="no" uuid="{5e530522-9b04-49aa-8a0c-22d77a143393}" name="tcp_flags5" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{b7dc141d-d632-4ace-8fa5-689a8cfbe640}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="SYN,FIN SYN,FIN" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="5" logging="no" target="DROP" custom_rule="no" uuid="{c44e8a32-aa43-4320-afeb-81b7847cfdf9}" name="tcp_flags6" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{0e05588d-c058-4353-8274-33ad8b79aea9}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="SYN,RST SYN,RST" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="6" logging="no" target="DROP" custom_rule="no" uuid="{d99c29f2-8d22-4c87-96bd-8fae4f003fbf}" name="tcp_flags7" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{9734225e-7963-42a3-bf61-1a3c42c91331}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="FIN,RST FIN,RST" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="7" logging="no" target="DROP" custom_rule="no" uuid="{0943595a-d650-4af0-bf95-0a133e75a72a}" name="tcp_nmapXmas" enabled="yes" description="Avoid nmap-xmas scanns" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{2858dee2-65e8-4097-aa5c-e0f3346ee9b4}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="ALL FIN,PSH,URG" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain builtin="no" uuid="{ba89f1bd-f323-41a4-9b05-96e13146a465}" name="LOCAL_LANS" description="No Description Available" >
+<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{776e59c2-1940-48e0-8eb2-9f91a84435c6}" name="MyNET" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="ip_opt" uuid="{570f7dab-5384-4e2f-a530-b33375cead6e}" >
+ <ruleoptionvalue value0="192.168.0.0/24" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain builtin="no" uuid="{7152a99c-bf57-44a2-8438-12d69769fecb}" name="VPNs" description="No Description Available" >
+<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{bab58f0c-73d0-421d-a1cd-74a9350019f0}" name="TCP_SERVICES" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{cc3f37ae-30d0-4ecf-ac5f-1c5faf55b60d}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+<ruleoption targetoption="no" type="state_opt" uuid="{3cb856be-021b-4185-9b69-48d238d7c9c0}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="NEW" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+</table>
+<table uuid="{855aa6cf-d15d-4744-aede-5b93d07b128b}" name="nat" description="This table is made for every kind of
+NAT (Network Address Translation)." >
+<chain default_target="ACCEPT" builtin="yes" uuid="{3410f0f7-e203-4569-a857-dcf922125fa0}" name="OUTPUT" description="In this chain you can decide which
+packets are allowed to be sent away
+from this computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{e44c3748-6c56-4c17-be91-76dd12597593}" name="PREROUTING" description="..." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{1092717a-a346-4c75-9a16-a2ec8d749634}" name="POSTROUTING" description="..." />
+</table>
+<table uuid="{a4ef60e2-55fe-4c2c-bff8-3dacfa47caa4}" name="mangle" description="This table is made for altering packets." >
+<chain default_target="ACCEPT" builtin="yes" uuid="{a990c3d6-75e1-49e9-922f-d31ea7d59ccd}" name="INPUT" description="In this chain you can filter packets that
+are addressed directly to this compter." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{65910037-d1ab-4dfc-a5af-c46a32b20e99}" name="OUTPUT" description="In this chain you can decide which
+packets are allowed to be sent away
+from this computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{c5f40a03-9239-430c-aa1d-18a7a747f621}" name="FORWARD" description="In this chain you can filter the packets
+that are routed to other hosts by this
+computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{34509ced-a1d0-43ca-8bf3-e513cdde985b}" name="PREROUTING" description="..." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{1ee9514d-ed88-4607-a22f-6eb4780ca1d7}" name="POSTROUTING" description="..." />
+</table>
+ </kmfrs>
+</target>
+</netzone>
+</kmfnet>
+
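Review bot: The FWD_VPN rule (num 6 in the INPUT chain) sends every packet from 192.168.2.1/24 to the VPNs chain, whose only rule accepts any NEW TCP connection from that range with no port or interface restriction, so the template opens all TCP ports to an entire private /24 even though its abstract says it should only allow ssh from other hosts. Because the match is on source address alone, any host that can put a 192.168.2.x source on the wire reaches the same accept; binding the rule to the VPN device (an `interface_opt` next to the `ip_opt`, as the LOOPBACK rule does) or shipping it disabled, `enabled="no"` like the Exapmle_DNS rule, would make the template safe by default. The rule's description also says 192.168.2.0/24 while value0 is `192.168.2.1/24`; iptables normalises this, but one form should be used. The GUI-facing descriptions carry several typos (Gloabl, copmuter, sainity, chian, connecktion, loaclhost, couputer, scanns, Exapmle_DNS) that users will see in the rule editor.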
diff --git a/templates/03_nat_router_template.tkmfgrs b/templates/03_nat_router_template.tkmfgrs
new file mode 100644
index 0000000..fdb1f5d
--- /dev/null
+++ b/templates/03_nat_router_template.tkmfgrs
@@ -0,0 +1,39 @@
+<!DOCTYPE kmyfirewall-ruleset>
+<kmfgrs>
+<netzone guiName="Incoming Connections" id="13" name="incoming_world" description="This is the global zone that contains
+all valid IP addresses." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Outgoing Connections" id="14" name="outgoing_world" description="This is the global zone that contains
+all valid IP addresses." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Forbidden Clients" id="17" name="badClients_hosts" description="Hosts in this zone will not be able
+to use services your computer provides." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Forbidden Servers" id="18" name="badServers_hosts" description="You will not be able to use the services
+of the hosts in that list." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Malicious Hosts" id="16" name="malicious_hosts" description="Traffic coming from and going to hosts
+will be dropped always." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Trusted Hosts" id="15" name="trusted_hosts" description="Traffic coming from and going to hosts
+will be accepted always.
+Only add really trusted Hosts to this Zone" >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+ <abstract restrictOutgoingConnections="bool:off" allowIncomingConnections="bool:offf" name="Nat Router" description="This ruleset implements that basic functionality for a NAT (Network Address Translation) Router. If you like to use your computer as the internet gateway for others in you local lan use this as a starting point." />
+ <logging logPrefix="KMF: " logDropped="bool:on" limitLog="bool:on" />
+ <icmp limitPingReply="bool:on" allowPingReply="bool:on" />
+ <nat natAddress="0.0.0.0" useMasquerade="bool:on" useNat="bool:on" outgoingInterface="eth0" />
+</kmfgrs>
+
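Review bot: `allowIncomingConnections="bool:offf"` on the `<abstract>` element is misspelled and will not match whatever the loader compares against (`bool:on`/`bool:off` everywhere else in these files); it should read `allowIncomingConnections="bool:off"`. What the loader does with an unparseable token is not visible here, but if it falls back to the attribute's default or to on, the NAT router template would silently accept incoming connections, the opposite of what the name declares, and nothing in the GUI would show why. The rest of the file parallels 02_workstation_template.tkmfgrs, so the value is unlikely to be intentional.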
diff --git a/templates/03_nat_router_template.tkmfrs b/templates/03_nat_router_template.tkmfrs
new file mode 100644
index 0000000..9fe811e
--- /dev/null
+++ b/templates/03_nat_router_template.tkmfrs
@@ -0,0 +1,70 @@
+<!DOCTYPE kmyfirewall-ruleset>
+<kmfnet maxVersion="~" minVersion="1.1.0" version="1.1.0" interface="iptables" uuid="{41b36b2b-68e2-4545-b34d-3cf3609c204f}" >
+<netzone guiName="Gloabl Network" readonly="bool:on" uuid="{3349418e-3923-4f3c-933c-b1bd91a2c84a}" name="mynetwork" description="This is the global zone that contains all valid IP addresses." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+<target sshPort="22" address="127.0.0.1" guiName="My Local Computer" readonly="bool:on" uuid="{f71cacc9-e95c-4867-aab2-7cafd847dab8}" name="localhost" description="Local copmuter running KMyFirewall" >
+<targetconfig uuid="{634f667c-965e-42e8-ade6-5906f4037873}" name="Untitled" description="No Description Available" >
+ <os name="linux" />
+ <backend name="iptables" />
+ <distribution name="" />
+ <initPath name="" />
+ <IPTPath name="" />
+ <modprobePath name="" />
+ <rcDefaultPath name="" />
+</targetconfig>
+ <kmfrs maxVersion="~" minVersion="1.0.0" version="1.1.0" uuid="{2871e950-a8e0-4b00-844c-ad841dc30b2f}" >
+ <abstract use_nat="yes" use_filter="yes" use_syn_cookies="yes" use_ipfwd="yes" use_martians="no" use_modules="yes" use_rp_filter="no" name="Nat Router Template" use_mangle="yes" description="Template for setting up a NAT (Network Address Translation) router.
+This kind of router is ment to be used to share an Internet connection with other hosts on the local LAN." />
+<table uuid="{040a7b73-75b4-4093-a78e-6048063425ae}" name="filter" description="This table is the main table for filtering
+packets. Here you may define your
+access control rules" >
+<chain default_target="ACCEPT" builtin="yes" uuid="{5fa9a7bf-b002-41b9-b5e5-dfc3f1e7fa9a}" name="INPUT" description="In this chain you can filter packets that
+are addressed directly to this computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{41527b27-863a-4adc-bcd1-e6d90f03d355}" name="OUTPUT" description="In this chain you can decide which
+packets are allowed to be sent away
+from this computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{11b0d4a2-2a94-46a3-ad44-b2e223521a6f}" name="FORWARD" description="In this chain you can filter the packets
+that are routed to other hosts by this
+computer." />
+</table>
+<table uuid="{f203117d-ad4f-4f46-929e-43ab3dde01b8}" name="nat" description="This table is made for every kind of
+NAT (Network Address Translation)." >
+<chain default_target="ACCEPT" builtin="yes" uuid="{99c0abdb-88b2-40df-8e66-a4ade347d5e2}" name="OUTPUT" description="In this chain you can decide which
+packets are allowed to be sent away
+from this computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{b8166bcc-b5d0-40dd-ae25-6e0f3a9c51f3}" name="PREROUTING" description="..." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{322bf0ef-dd77-45ec-b702-139ac167c096}" name="POSTROUTING" description="..." >
+<rule num="0" logging="no" target="MASQUERADE" custom_rule="no" uuid="{3b040513-17eb-4dc6-be7c-2e971161317c}" name="NAT" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="interface_opt" uuid="{15ba5aa9-127f-47a7-a8ae-f396d0622215}" >
+ <ruleoptionvalue value0="bool:off" />
+ <ruleoptionvalue value1="eth0" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+</table>
+<table uuid="{3f5d7d33-a987-4cbd-a50f-8416a23ad585}" name="mangle" description="This table is made for altering packets." >
+<chain default_target="ACCEPT" builtin="yes" uuid="{f5fc2c48-f20f-4a4f-8fe9-21f4d5176abe}" name="INPUT" description="In this chain you can filter packets that
+are addressed directly to this compter." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{d25fd085-f1cc-462a-bdb0-cf2bc1128a01}" name="OUTPUT" description="In this chain you can decide which
+packets are allowed to be sent away
+from this computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{028a65ae-ab15-4836-a3eb-4e3a83ccae7e}" name="FORWARD" description="In this chain you can filter the packets
+that are routed to other hosts by this
+computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{c63b0745-9676-4195-aacd-27f3546ceac9}" name="PREROUTING" description="..." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{8778aef6-85be-483f-934e-498f9e2e871f}" name="POSTROUTING" description="..." />
+</table>
+ </kmfrs>
+</target>
+</netzone>
+</kmfnet>
+
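Review bot: The filter table ships INPUT and FORWARD with `default_target="ACCEPT"` and no rules while `use_ipfwd="yes"` and the POSTROUTING MASQUERADE rule on eth0 are enabled, so the router forwards whatever it receives on any interface, including new connections arriving on the masqueraded eth0 side, and the host itself accepts every inbound connection. The workstation template in the same commit shows the intended pattern (INPUT DROP plus a CONNTRACK rule); the router should at least give FORWARD a DROP default and accept only RELATED,ESTABLISHED traffic plus NEW connections from the LAN side, as sketched below with placeholder uuids and LAN address. `use_rp_filter="no"` and `use_martians="no"` also switch off the source-validity checks the workstation template keeps on, which a router is the host that most needs unless asymmetric routing is expected. The `kmfnet` and `mynetwork` netzone uuids are byte-identical to the workstation template's, which may matter if the application uses them as identities when several templates are loaded.
```xml
<chain default_target="DROP" builtin="yes" uuid="{11b0d4a2-2a94-46a3-ad44-b2e223521a6f}" name="FORWARD" description="In this chain you can filter the packets
that are routed to other hosts by this
computer." >
<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{UUID-PLACEHOLDER-1}" name="CONNTRACK" enabled="yes" description="Forward only replies to connections that were initiated from the LAN." >
<ruleoption targetoption="no" type="state_opt" uuid="{UUID-PLACEHOLDER-2}" >
 <ruleoptionvalue value0="bool:on" />
 <ruleoptionvalue value1="RELATED,ESTABLISHED" />
 <!-- … value2..value9 "bool:off" as in the other ruleoption blocks … -->
</ruleoption>
</rule>
<rule num="1" logging="no" target="ACCEPT" custom_rule="no" uuid="{UUID-PLACEHOLDER-3}" name="LAN_OUT" enabled="yes" description="Allow hosts on the local LAN to open new connections through this router." >
<ruleoption targetoption="no" type="ip_opt" uuid="{UUID-PLACEHOLDER-4}" >
 <ruleoptionvalue value0="LAN-NETWORK-PLACEHOLDER/24" />
 <!-- … value1..value9 "bool:off" … -->
</ruleoption>
<ruleoption targetoption="no" type="state_opt" uuid="{UUID-PLACEHOLDER-5}" >
 <ruleoptionvalue value0="bool:on" />
 <ruleoptionvalue value1="NEW" />
 <!-- … value2..value9 "bool:off" … -->
</ruleoption>
</rule>
</chain>
```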
diff --git a/templates/04_web_server_template.tkmfgrs b/templates/04_web_server_template.tkmfgrs
new file mode 100644
index 0000000..272e358
--- /dev/null
+++ b/templates/04_web_server_template.tkmfgrs
@@ -0,0 +1,45 @@
+<!DOCTYPE kmyfirewall-ruleset>
+<kmfgrs>
+<netzone guiName="Incoming Connections" id="13" name="incoming_world" description="This is the global zone that contains
+all valid IP addresses." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+<protocol logging="no" limit="-1/" io="OUTGOING" id="19" name="HTTP" description="Protocol used to browse the WWW." >
+ <port protocol="TCP" num="80" />
+</protocol>
+<protocol logging="yes" limit="1/second" io="OUTGOING" id="20" name="SSH" description="Protocol used to enable a secure remote shell connection." >
+ <port protocol="TCP" num="22" />
+</protocol>
+</netzone>
+<netzone guiName="Outgoing Connections" id="14" name="outgoing_world" description="This is the global zone that contains
+all valid IP addresses." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Forbidden Clients" id="17" name="badClients_hosts" description="Hosts in this zone will not be able
+to use services your computer provides." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Forbidden Servers" id="18" name="badServers_hosts" description="You will not be able to use the services
+of the hosts in that list." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Malicious Hosts" id="16" name="malicious_hosts" description="Traffic coming from and going to hosts
+will be dropped always." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+<netzone guiName="Trusted Hosts" id="15" name="trusted_hosts" description="Traffic coming from and going to hosts
+will be accepted always.
+Only add really trusted Hosts to this Zone" >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+</netzone>
+ <abstract restrictOutgoingConnections="bool:off" allowIncomingConnections="bool:on" name="Webserver" description="This is an example for a webserver configuration. It does only enable incomming connections to port 80 (HTTP e.g. the port webservers usually bind) and 22 (SSH e.g. for remote administration)." />
+ <logging logPrefix="KMF: " logDropped="bool:on" limitLog="bool:on" />
+ <icmp limitPingReply="bool:on" allowPingReply="bool:on" />
+ <nat natAddress="0.0.0.0" useMasquerade="bool:off" useNat="bool:off" outgoingInterface="bool:off" />
+</kmfgrs>
+
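Review bot: The abstract description on the `<abstract name="Webserver" …>` line promises only ports 80 and 22, and the zone above indeed lists only an HTTP (80) and an SSH (22) protocol, while the companion 04_web_server_template.tkmfrs in this same commit opens 80,443 and 22; either add a 443/HTTPS `<protocol>` entry here or reword the description so the two templates agree, e.g. `description="... incoming connections to port 80 (HTTP) and 22 (SSH). Add an HTTPS entry if the server also serves TLS."`. The "Trusted Hosts" zone is defined as `fromIP 0.0.0.0` / `netMask 0` yet its description says traffic from its hosts "will be accepted always"; if the generator honours that zone as written, it is an accept-all, so a comment such as `<!-- placeholder: 0.0.0.0/0 must be replaced by real hosts before use -->` would make the intent explicit (the same placeholder pattern appears in the other zones, so this may be deliberate). The HTTP entry also has `limit="-1/"` and `logging="no"` whereas SSH is logged at `1/second`; the `-1/` form looks like an unset-limit sentinel rather than a valid rate and deserves a one-line note if that is what the parser expects.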
diff --git a/templates/04_web_server_template.tkmfrs b/templates/04_web_server_template.tkmfrs
new file mode 100644
index 0000000..c108e1d
--- /dev/null
+++ b/templates/04_web_server_template.tkmfrs
@@ -0,0 +1,357 @@
+<!DOCTYPE kmyfirewall-ruleset>
+<kmfnet maxVersion="~" minVersion="1.1.0" version="1.1.0" interface="iptables" uuid="{41b36b2b-68e2-4545-b34d-3cf3609c204f}" >
+<netzone guiName="Gloabl Network" readonly="bool:on" uuid="{3349418e-3923-4f3c-933c-b1bd91a2c84a}" name="mynetwork" description="This is the global zone that contains all valid IP addresses." >
+ <fromIP address="0.0.0.0" />
+ <netMask address="0" />
+<target sshPort="22" address="127.0.0.1" guiName="My Local Computer" readonly="bool:on" uuid="{42bc1c1f-996f-4f60-a6e3-3e43cd6f0167}" name="localhost" description="Local copmuter running KMyFirewall" >
+<targetconfig uuid="{c3d33a7a-5ba9-45cc-8f34-1617b773e08f}" name="Untitled" description="No Description Available" >
+ <os name="linux" />
+ <backend name="iptables" />
+ <distribution name="" />
+ <initPath name="" />
+ <IPTPath name="" />
+ <modprobePath name="" />
+ <rcDefaultPath name="" />
+</targetconfig>
+ <kmfrs maxVersion="~" minVersion="1.0.0" version="1.1.0" uuid="{8af7181a-bf52-47e3-a00e-2204f8cff57c}" >
+ <abstract use_nat="no" use_filter="yes" use_syn_cookies="yes" use_ipfwd="yes" use_martians="yes" use_modules="yes" use_rp_filter="yes" name="Web Server Template" use_mangle="no" description="This is a template configuration for a typical web server. The tcp ports 80,443 and 22 are open (HTTP/HTTPS and SSH)." />
+<table uuid="{24e22827-5d99-49a3-8767-b9cf25371f7c}" name="filter" description="This table is the main table for filtering
+packets. Here you may define your
+access control rules" >
+<chain default_target="DROP" builtin="yes" uuid="{414166ad-b58e-41e8-8a8f-a9962e769bd1}" name="INPUT" description="In this chain you can filter packets that
+are addressed directly to this computer." >
+<rule num="0" logging="no" target="ICMP_FILTER" custom_rule="no" uuid="{ac00d50c-60b1-4596-9fe6-be5843be3cf4}" name="FWD_ICMP_FILTER" enabled="yes" description="Forward to the chain that handles ICPM packets
+to avoid crap like source-quench etc." />
+<rule num="1" logging="no" target="ANTISPOOF" custom_rule="no" uuid="{214725fa-4179-46e4-800d-5914741921e9}" name="FWD_ANTISPOOF" enabled="yes" description="Forward packets to the ANTISPOOF chain
+which performes some sainity checks for
+the packets to avoid spoofing." />
+<rule num="2" logging="no" target="TCP_CHECKS" custom_rule="no" uuid="{af2b8ac5-3f43-4679-b189-9f031921b7a7}" name="FWD_TCP_CHECKS" enabled="yes" description="Forward to chian TCP_CHECKS which
+filters invalid TCP flag combinations." >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{b5626a02-1808-444a-9e61-e6484318cb8c}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="3" logging="no" target="SERVICES" custom_rule="no" uuid="{f334a3b2-7f69-48d6-8594-54e2a5c4ef60}" name="FWD_SERVICES" enabled="yes" description="This rule forwards all packetst to the SERVICES chain.
+This chain is ment to be used for rules that allow
+access to this host e.g. http if you are running a web
+server." />
+<rule num="4" logging="no" target="ACCEPT" custom_rule="no" uuid="{4dc5f9cf-d19b-4030-998d-166ada82d814}" name="LOOPBACK" enabled="yes" description="Allow packets send from the loopback interface" >
+<ruleoption targetoption="no" type="interface_opt" uuid="{d53aa556-afd8-4906-867a-943747470965}" >
+ <ruleoptionvalue value0="lo" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="5" logging="no" target="ACCEPT" custom_rule="no" uuid="{bece6068-58e4-4cef-83b4-9513d574d471}" name="CONNTRACK" enabled="yes" description="This rule handles the connecktion tracking.
+It simply lets everything in that is a response
+to a network request you made." >
+<ruleoption targetoption="no" type="state_opt" uuid="{0210e1d2-769e-4495-8089-781d20ca2c3a}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="RELATED,ESTABLISHED" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain default_target="ACCEPT" builtin="yes" uuid="{e97ee9d7-871f-49f0-b2a0-1912292a2071}" name="OUTPUT" description="In this chain you can decide which
+packets are allowed to be sent away
+from this computer." />
+<chain default_target="DROP" builtin="yes" uuid="{f437654c-62e4-4fee-b129-99ee59755394}" name="FORWARD" description="In this chain you can filter the packets
+that are routed to other hosts by this
+computer." />
+<chain builtin="no" uuid="{a0f476e7-9540-4260-9f61-de89d033fd3e}" name="ANTISPOOF" description="Packet spoof protection is done in
+this chain." >
+<rule num="0" logging="no" target="DROP" custom_rule="no" uuid="{b1e735e2-1b31-4b74-9c14-8613abf8b29c}" name="loopback_spoof" enabled="yes" description="Check if packets are really from the loaclhost." >
+<ruleoption targetoption="no" type="interface_opt" uuid="{774afbfa-c082-4084-878f-69bd9d193104}" >
+ <ruleoptionvalue value0="! lo" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+<ruleoption targetoption="no" type="ip_opt" uuid="{0ff372ce-3e46-499c-9512-0dae87cb2df8}" >
+ <ruleoptionvalue value0="127.0.0.0/8" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain builtin="no" uuid="{49b1df3f-fb0e-4745-9547-612e350101af}" name="SERVICES" description="This rule allows other computer to connect to us on udp port 53" >
+<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{b5812bdf-cb51-456d-882a-bf7d82f8e13b}" name="HTTP_HTTPS" enabled="yes" description="This rule allows other computer to connect to us on udp port 53" >
+<ruleoption targetoption="no" type="tcp_multiport_opt" uuid="{2625a4e2-ba07-472b-89e3-db0b2e065371}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="80,443" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="1" logging="no" target="ACCEPT" custom_rule="no" uuid="{11af5582-60d6-43d5-81b5-18bba8edb31f}" name="Example_SSH" enabled="yes" description="This rule opens the ports 80 and 443 (e.g. HTTP and HTTPS)" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{22b2c038-2be6-4997-9430-2340f29ba766}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="1024:65535" />
+ <ruleoptionvalue value2="22" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain builtin="no" uuid="{28e8c0e7-84b9-431b-a636-c18777af661b}" name="ICMP_FILTER" description="Here some ICMP packet types are
+filtered to avoid denial of service attacks." >
+<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{5740f895-e5b8-4b6c-ae75-a07df328b8a0}" name="ping" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="icmp_opt" uuid="{9cf0dfd0-9523-49a0-b7dc-f78b9c759dc2}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="echo-request" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="1" logging="no" target="ACCEPT" custom_rule="no" uuid="{f753a6a0-b7c3-47cd-b08a-ebac149220a8}" name="ping_reply" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="icmp_opt" uuid="{3a184346-683e-4535-99d2-ffe14f034984}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="echo-reply" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="2" logging="no" target="ACCEPT" custom_rule="no" uuid="{9aee9939-1a7b-4f71-a500-635f2ce6793d}" name="host_unreachable" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="icmp_opt" uuid="{fdb12c22-e453-4fbb-aafb-c3cc32c919e2}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="host-unreachable" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="3" logging="no" target="ACCEPT" custom_rule="no" uuid="{fda4fddc-efe8-4bd1-89a0-1e7e2080348d}" name="network_unreachable" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="icmp_opt" uuid="{6768d063-835c-40a2-992d-46d87f7b906a}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="network-unreachable" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain builtin="no" uuid="{a47513dd-a3be-486d-a918-dc0dc01e6bcd}" name="TCP_CHECKS" description="No Description Available" >
+<rule num="0" logging="no" target="DROP" custom_rule="no" uuid="{53f9ce17-a8c8-4dc4-acb9-ea24977883e7}" name="tcp_flags1" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{381457e1-6e7c-422b-b73f-c879865e8bb2}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="ALL NONE" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="1" logging="no" target="DROP" custom_rule="no" uuid="{b5a11f5c-d6cf-400b-bc98-ef42bc7656d9}" name="tcp_flags2" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{4bb35820-e3ac-44be-a9fb-cfc7f1d41e22}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="FIN,ACK FIN" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="2" logging="no" target="DROP" custom_rule="no" uuid="{5751a6c7-5c75-4b20-8747-b10da300f38f}" name="tcp_flags3" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{76df0129-2788-4c66-8124-c96801337df3}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="ACK,PSH PSH" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="3" logging="no" target="DROP" custom_rule="no" uuid="{3f49954b-6a2a-4298-81c6-c54cd2c5c17d}" name="tcp_flags4" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{f51ebe7f-aa2b-452a-9350-66192ba7d322}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="ACK,URG URG" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="4" logging="no" target="DROP" custom_rule="no" uuid="{5e530522-9b04-49aa-8a0c-22d77a143393}" name="tcp_flags5" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{b7dc141d-d632-4ace-8fa5-689a8cfbe640}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="SYN,FIN SYN,FIN" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="5" logging="no" target="DROP" custom_rule="no" uuid="{c44e8a32-aa43-4320-afeb-81b7847cfdf9}" name="tcp_flags6" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{0e05588d-c058-4353-8274-33ad8b79aea9}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="SYN,RST SYN,RST" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="6" logging="no" target="DROP" custom_rule="no" uuid="{d99c29f2-8d22-4c87-96bd-8fae4f003fbf}" name="tcp_flags7" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{9734225e-7963-42a3-bf61-1a3c42c91331}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="FIN,RST FIN,RST" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+<rule num="7" logging="no" target="DROP" custom_rule="no" uuid="{0943595a-d650-4af0-bf95-0a133e75a72a}" name="tcp_nmapXmas" enabled="yes" description="Avoid nmap-xmas scanns" >
+<ruleoption targetoption="no" type="tcp_opt" uuid="{2858dee2-65e8-4097-aa5c-e0f3346ee9b4}" >
+ <ruleoptionvalue value0="bool:on" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="ALL FIN,PSH,URG" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+<chain builtin="no" uuid="{ba89f1bd-f323-41a4-9b05-96e13146a465}" name="LOCAL_LANS" description="No Description Available" >
+<rule num="0" logging="no" target="ACCEPT" custom_rule="no" uuid="{776e59c2-1940-48e0-8eb2-9f91a84435c6}" name="MyNET" enabled="yes" description="No Description Available" >
+<ruleoption targetoption="no" type="ip_opt" uuid="{570f7dab-5384-4e2f-a530-b33375cead6e}" >
+ <ruleoptionvalue value0="192.168.0.0/24" />
+ <ruleoptionvalue value1="bool:off" />
+ <ruleoptionvalue value2="bool:off" />
+ <ruleoptionvalue value3="bool:off" />
+ <ruleoptionvalue value4="bool:off" />
+ <ruleoptionvalue value5="bool:off" />
+ <ruleoptionvalue value6="bool:off" />
+ <ruleoptionvalue value7="bool:off" />
+ <ruleoptionvalue value8="bool:off" />
+ <ruleoptionvalue value9="bool:off" />
+</ruleoption>
+</rule>
+</chain>
+</table>
+<table uuid="{855aa6cf-d15d-4744-aede-5b93d07b128b}" name="nat" description="This table is made for every kind of
+NAT (Network Address Translation)." >
+<chain default_target="ACCEPT" builtin="yes" uuid="{3410f0f7-e203-4569-a857-dcf922125fa0}" name="OUTPUT" description="In this chain you can decide which
+packets are allowed to be sent away
+from this computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{e44c3748-6c56-4c17-be91-76dd12597593}" name="PREROUTING" description="..." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{1092717a-a346-4c75-9a16-a2ec8d749634}" name="POSTROUTING" description="..." />
+</table>
+<table uuid="{a4ef60e2-55fe-4c2c-bff8-3dacfa47caa4}" name="mangle" description="This table is made for altering packets." >
+<chain default_target="ACCEPT" builtin="yes" uuid="{a990c3d6-75e1-49e9-922f-d31ea7d59ccd}" name="INPUT" description="In this chain you can filter packets that
+are addressed directly to this compter." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{65910037-d1ab-4dfc-a5af-c46a32b20e99}" name="OUTPUT" description="In this chain you can decide which
+packets are allowed to be sent away
+from this computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{c5f40a03-9239-430c-aa1d-18a7a747f621}" name="FORWARD" description="In this chain you can filter the packets
+that are routed to other hosts by this
+computer." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{34509ced-a1d0-43ca-8bf3-e513cdde985b}" name="PREROUTING" description="..." />
+<chain default_target="ACCEPT" builtin="yes" uuid="{1ee9514d-ed88-4607-a22f-6eb4780ca1d7}" name="POSTROUTING" description="..." />
+</table>
+ </kmfrs>
+</target>
+</netzone>
+</kmfnet>
+
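Review bot: The rule descriptions in the SERVICES chain are copy-pasted wrongly: both the chain itself and the `HTTP_HTTPS` rule say "connect to us on udp port 53" although the rule matches `tcp_multiport_opt` with `80,443`, and the `Example_SSH` rule is described as opening "ports 80 and 443" while it matches TCP port `22`; suggested text is `description="Accept TCP connections to ports 80 and 443 (HTTP/HTTPS)"` for HTTP_HTTPS and `description="Accept TCP connections to port 22 (SSH) from unprivileged source ports 1024:65535"` for Example_SSH. The `<abstract …>` line sets `use_ipfwd="yes"` on a template whose FORWARD chain defaults to DROP; if that flag enables kernel IP forwarding as its name suggests, a single-homed web server does not need it and it is safer left off, so it looks worth confirming. The `LOCAL_LANS` chain accepting `192.168.0.0/24` is never jumped to from INPUT, so it is dead configuration unless the user wires it in; a short description saying so would help more than "No Description Available". The ICMP_FILTER chain description mentions denial-of-service protection, but its echo-request rule is a plain ACCEPT with every limit slot `bool:off`, so either a limit belongs in that rule or the description overstates what the chain does.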
diff --git a/templates/Makefile.am b/templates/Makefile.am
new file mode 100644
index 0000000..b7b2337
--- /dev/null
+++ b/templates/Makefile.am
@@ -0,0 +1,9 @@
+EXTRA_DIST = workstation_template.tkmfrs
+
+templatedir = $(kde_datadir)/kmyfirewall/templates
+template_DATA = 02_workstation_template.tkmfgrs \
+02_workstation_template.tkmfrs \
+03_nat_router_template.tkmfgrs \
+03_nat_router_template.tkmfrs \
+04_web_server_template.tkmfgrs \
+04_web_server_template.tkmfrs \ No newline at end of file
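Review bot: `EXTRA_DIST = workstation_template.tkmfrs` names a file that this commit does not add (the templates are all prefixed `02_`, `03_`, `04_`), so `make dist` would fail on the missing file; since every template is already listed in `template_DATA`, `EXTRA_DIST = $(template_DATA)` keeps the tarball in sync automatically. The last `template_DATA` line ends with a line-continuation backslash at end of file with no newline, which leaves the variable definition dangling; drop the trailing `\` and add the final newline.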