From 15c3382f2f4eb9b180d3bf0d49e886e238f71f4f Mon Sep 17 00:00:00 2001
From: Gardouille
Date: Wed, 16 Sep 2015 17:55:44 +0200
Subject: [PATCH] firewall: allow OUTPUT http(s) and OpenPGP
---
 firewall | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/firewall b/firewall
index a5ec32e..7136298 100755
--- a/firewall
+++ b/firewall
@@ -199,19 +199,18 @@ if [ $(command -v dhclient) ]; then
 $IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} -s "${IPLAN}" --sport 68 -m comment --comment "DHCPREQUEST"
 fi
 
-# #### HTTP (maj, ...)
-# $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 80 -m state --state NEW -m comment --comment "HTTP out"
-# $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 443 -m state --state NEW -m comment --comment "HTTPS out"
-#
+ #### HTTP (maj, ...)
+ $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 80 -m state --state NEW -m comment --comment "HTTP out"
+ $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 443 -m state --state NEW -m comment --comment "HTTPS out"
+
 # #### NTP
 # $IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} --dport 123 -m state --state NEW -m comment --comment "NTP"
 #
 # #### Puppet (connection, ... )
 # $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" --dport 8140 -m state --state NEW -m comment --comment "Puppet out"
-#
-# #### OpenPGP HTTP key server (add key, maj, ...)
-# $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 11371 -m state --state NEW -m comment --comment "OpenPGP req"
-#
+ #### OpenPGP HTTP key server (add key, maj, ...)
+ $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 11371 -m state --state NEW -m comment --comment "OpenPGP req"
+
 # #### Apache2 - Web server
 # #$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 80 -m state --state NEW -m comment --comment "New HTTP out"
 # #$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 443 -m state --state NEW -m comment --comment "New HTTPS out"
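Review bot: The three uncommented OUTPUT rules (ports 80, 443 and 11371) accept NEW connections to any destination, so every process on the host gets unrestricted web egress rather than only the update and key traffic the section comments describe. If the mirror, proxy or key server is known, pin it with `-d`, e.g. `$IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -d <mirror-or-proxy-address> --dport 80 -m state --state NEW -m comment --comment "HTTP out"` (the address is a placeholder), or at least log these flows so unexpected destinations are visible. Port 11371 is plain-HTTP HKP, so keys fetched through it still need fingerprint verification. The new lines also leave `${ILAN}` unquoted while the Puppet rule in the same hunk uses `-o "${ILAN}"`; quoting it consistently avoids word-splitting surprises. The rules match only state NEW, so they presumably depend on an ESTABLISHED,RELATED accept rule outside the hunk.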