Gentoo's Bugzilla – Attachment 59986 Details for Bug 94204: Gentoo Firewall Scripts
config file for firewall script
firewall.example.conf (text/plain), 3.34 KB, created by Evan Buswell on 2005-05-27 17:21:32 UTC
># Configuration file for gentoo-firewall.
>
># This is a shell fragment. To set any variable globally, just set
># the variable. To set a variable only for a specific interface, set
># variable_ifvar (where ifvar is iface s/[![:word:]]/_/ -- usually
># these are the same). To set a variable for a few interfaces, you
># can append a string which is part of the interface name
># (e.g. var_ppp will set a variable for all ppp interfaces, no matter
># what the number). If more than one variable matches, variables will
># be evaluated from least to most specific. True/false variables will
># be overridden by the most specific variable. Other variables will
># stack all values.
>
># Global on switch. Defaults to "false" to save newbies headaches.
>#firewall="true"
>
># Ports we want to open. Can take a space-separated list of port
># numbers or names from /etc/services. If you wish to only allow
># traffic to the port from a specified address, you may prefix the
># port with an address like address:port. By default all ports are
># closed.
>#tcp_services="ssh"
>#tcp_services_wlan0="domain"
>#tcp_services_ppp="domain"
>#tcp_services_eth0="smtp"
>#udp_services_wlan0="bootps isakmp 4500 l2tp"
>#udp_services_ppp="domain"
>#udp_services_eth0="204.123.2.5:ntp isakmp 4500 bootpc"
>
># Protocols we wish to allow ALL traffic from. Use with caution!
>#protocols_wlan0="esp ah"
>
># Accept certain icmp types. Leave unset to use a good default value.
># *Be careful when setting this by hand--icmp is a necessary part of
># ip.*
>#icmp_accept="0 3 8 9 11 12"
>
># Reject filtered packets instead of just dropping them. Defaults to
># "false"
>#reject="true"
>
># Log all filtered packets. Defaults to "false". This can generate a
># lot of logs and should probably only be used for debugging or on an
># internal interface where you expect no random traffic. This could
># potentially be used for a DoS attack so be careful.
>#log_all="true"
>#log_all_eth0="false"
>
># Allow replies to get through. Defaults to "true". You probably
># don't want to turn this off.
>#replies="true"
>
>
># The remainder of the variables are devoted to packet forwarding
># rules. If you don't want to forward packets, leave this section
># alone as all rules will default to not allow forwarding.
>
># Forward any traffic originating on this interface. Defaults to
># "false".
># forward_from_ppp="true"
>
># Forward replies back to other interfaces. Defaults to "false"
># forward_replies_from_eth0="true"
>
># Forward traffic through this interface. Note this traffic must
># first have been accepted for forwarding by one of the above two
># rules. Defaults to "false".
># forward_via_eth0="true"
>
># Forward replies through this interface. Defaults to "false".
># forward_replies_via_ppp="true"
>
># Masquerade all traffic routed through this interface. Defaults to
># "false".
># masquerade_eth0="true"
>
># If you need to do something special, you can define the following
># functions:
># input_hook() { } -- for appending rules to the input chain
>#   ("ifvar-in").
># pkfw_in_hook() { } -- for appending rules to the packet forwarding
>#   ingress chain ("pkfw-in-ifvar").
># pkfw_out_hook() { } -- for appending rules to the packet forwarding
>#   egress chain ("pkfw-out-ifvar").
># These functions get iface in $1 and ifvar in $2
>
>#pkfw_out_hook_ppp() {
>#    local ifvar=${2}
>#    # allow our subnet to contact us
>#    iptables -A pkfw-out-${ifvar} \
>#        --source 10.0.0.0/8 --jump ACCEPT
>#}
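The lookup rules from the file's header comment (global value, then partial interface-name matches, then the full ifvar; true/false settings overridden, other settings stacked), as an added example that is not part of the attachment or of the gentoo-firewall script. The function names and the reading of "most specific" as the longest matched part of the interface name are assumptions.

```sh
# Added example, not the gentoo-firewall script itself. Assumption:
# "specificity" is the length of the matched part of the interface name.

# Constructed sample settings, based on the commented examples in the file.
tcp_services="ssh"
tcp_services_ppp="domain"
tcp_services_eth0="smtp"
log_all="true"
log_all_eth0="false"

# ifvar_of IFACE: replace every non-word character with "_".
ifvar_of() { printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9_' '_'; }

# is_set NAME: NAME is a caller-chosen prefix plus sanitized ifvar text only.
is_set() { eval "[ \"\${$1+set}\" = set ]"; }

# candidates VAR IFACE: set variables that apply, least specific first.
candidates() {
    c_if=$(ifvar_of "$2"); c_seen=" "
    if is_set "$1"; then printf '%s\n' "$1"; fi
    c_n=1
    while [ "$c_n" -le "${#c_if}" ]; do
        c_i=1
        while [ $((c_i + c_n - 1)) -le "${#c_if}" ]; do
            c_name=${1}_$(printf '%s' "$c_if" | cut -c"$c_i-$((c_i + c_n - 1))")
            case $c_seen in
                *" $c_name "*) ;;  # same substring seen at another offset
                *) c_seen="$c_seen$c_name "
                   if is_set "$c_name"; then printf '%s\n' "$c_name"; fi ;;
            esac
            c_i=$((c_i + 1))
        done
        c_n=$((c_n + 1))
    done
}

# resolve_bool VAR IFACE DEFAULT: the most specific setting wins.
resolve_bool() {
    r_val=$3
    for r_name in $(candidates "$1" "$2"); do eval "r_val=\$$r_name"; done
    printf '%s\n' "$r_val"
}

# resolve_list VAR IFACE: all matching values stack, least specific first.
resolve_list() {
    r_out=
    for r_name in $(candidates "$1" "$2"); do eval "r_out=\"\$r_out \$$r_name\""; done
    printf '%s\n' "${r_out# }"
}
```

With these settings, `resolve_list tcp_services ppp0` yields `ssh domain`: a per-interface port list adds to the global one rather than replacing it, so a port opened globally stays open on every interface.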