Attachment 59986 Details for Bug 94204 – config file for firewall script

config file for firewall script

firewall.example.conf (text/plain), 3.34 KB, created by Evan Buswell on 2005-05-27 17:21:32 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Evan Buswell

Created: 2005-05-27 17:21:32 UTC

Size: 3.34 KB

patch

obsolete

># Configuration file for gentoo-firewall.
>
># This is a shell fragment.  To set any variable globally, just set
># the variable.  To set a variable only for a specific interface, set
># variable_ifvar (where ifvar is iface s/[![:word:]]/_/ -- usually
># these are the same).  To set a variable for a few interfaces, you
># can append a string which is part of the interface name
># (e.g. var_ppp will set a variable for all ppp interfaces, no matter
># what the number).  If more than one variable matches, variables will
># be evaluated from least to most specific.  True/false variables will
># be overriden by the most specific variable.  Other variables will
># stack all values.
>
># Global on switch.  Defaults to "false" to save newbies headaches.
>#firewall="true"
>
># Ports we want to open.  Can take a space-separated list of port
># numbers or names from /etc/services.  If you wish to only allow
># traffic to the port from a specified address, you may prefix the
># port with an address like address:port.  By default all ports are
># closed.
>#tcp_services="ssh"
>#tcp_services_wlan0="domain"
>#tcp_services_ppp="domain"
>#tcp_services_eth0="smtp"
>#udp_services_wlan0="bootps isakmp 4500 l2tp"
>#udp_services_ppp="domain"
>#udp_services_eth0="204.123.2.5:ntp isakmp 4500 bootpc"
>
># Protocols we wish to allow ALL traffic from.  Use with caution!
>#protocols_wlan0="esp ah"
>
># Accept certain icmp types.  Leave unset to use a good default value.
># *Be careful when setting this by hand--icmp is a necessary part of
># ip.*
>#icmp_accept="0 3 8 9 11 12"
>
># Reject filtered packets instead of just dropping them.  Defaults to
># "false"
>#reject="true"
>
># Log all filtered packets.  Defaults to "false".  This can generate a
># lot of logs and should probably only be used for debugging or on an
># internal interface where you expect no random traffic.  This could
># potentially be used for a DOS attack so be careful.
>#log_all="true"
>#log_all_eth0="false"
>
># Allow replies to get through.  Defaults to "true".  You probably
># don't want to turn this off.
>#replies="true"
>
>
># The remainder of the variables are devoted to packet forwarding
># rules.  If you don't want to forward packets, leave this section
># alone as all rules will default to not allow forwarding.
>
># Forward any traffic originating on this interface.  Defaults to
># "false".
># forward_from_ppp="true"
>
># Forward replies back to other interfaces.  defaults to "false"
># forward_replies_from_eth0="true"
>
># Forward traffic through this interface.  Note this traffic must
># first have been accepted for forwarding by one of the above two
># rules.  Defaults to "false".
># forward_via_eth0="true"
>
># Forward replies through this interface.  Defaults to "false".
># forward_replies_via_ppp="true"
>
># Masquerade all traffic routed through this interface.  Defaults to
># "false".
># masquerade_eth0="true"
>
># If you need to do something special, you can define the following
># functions:
># input_hook() { } -- for appending rules to the input chain
># ("ifvar-in").
># pkfw_in_hook() { } -- for appending rules to the packet forwarding
># ingress chain ("pkfw-in-ifvar").
># pkfw_out_hook() { } -- for appending rules to the packet forwarding
># egress chain ("pkfw-out-ifvar").
># These functions get iface in $1 and ifvar in $2
>
>#pkfw_out_hook_ppp() {
>#    local ifvar=${2}
>#    # allow our subnet to contact us
>#    iptables -A pkfw-out-${ifvar} \
>#	--source 10.0.0.0/8 --jump ACCEPT
>#}

Actions: View

Attachments on bug 94204: 59958 | 59984 | 59985 | 59986 | 59987