add additional test rules to examples

diff --git a/examples/iptables/test.pp b/examples/iptables/test.pp
index 4f1e3906e23038b5ec6a2c0d61553ac5512cab3c..5d69c2da60a09e6a9bd2e47d9c3455c6016f20a9 100644 (file)
--- a/examples/iptables/test.pp
+++ b/examples/iptables/test.pp
@@ -26,13 +26,75 @@ firewall { '002 foo':
   jump => "DROP",
 }
 
-firewall { "010 icmp":
+firewall { '010 icmp':
   proto => "icmp",
   icmp => "echo-reply",
   jump => "ACCEPT",
 }
 
+firewall { '010 INPUT allow loopback':
+  iniface => 'lo',
+  chain => 'INPUT',
+  jump => 'ACCEPT'
+}
+
+firewall { '005 INPUT disregard DHCP':
+  dport => ['bootpc', 'bootps'],
+  jump => 'DROP',
+  proto => 'udp'
+}
+
+firewall { '006 INPUT disregard netbios':
+  proto => 'udp'
+  dport => ['netbios-ns', 'netbios-dgm', 'netbios-ssn']
+  jump => 'DROP'
+}
+
+firewall { '006 Disregard CIFS':
+  dport => 'microsoft-ds',
+  jump => 'DROP',
+  proto => 'tcp'
+}
+
+firewall { '050 INPUT drop invalid':
+  state => 'INVALID',
+  jump => 'DROP'
+}
+
+firewall { '051 INPUT allow related and established':
+  state => ['RELATED', 'ESTABLISHED'],
+  jump => 'ACCEPT'
+}
+
+firewall { '053 INPUT allow ICMP':
+  icmp => '8',
+  proto => 'icmp',
+  jump => 'ACCEPT'
+}
+
+firewall { '055 INPUT allow DNS':
+  proto => 'udp',
+  jump => 'ACCEPT',
+  sport => 'domain'
+}
+
+firewall { '999 FORWARD drop':
+  chain => 'OUTPUT',
+  jump => 'DROP'
+}
+
+firewall { '001 OUTPUT allow loopback':
+  chain => 'OUTPUT',
+  outiface => 'lo',
+  jump => 'ACCEPT'
+}
+
+firewall { '100 OUTPUT drop invalid':
+  chain => 'OUTPUT',
+  state => 'INVALID',
+  jump => 'DROP'
+}
+
 resources { 'firewall':
   purge => true
 }
-