
# eofirewall configuration. This file is sourced as shell by the firewall
# script, so it should contain only variable assignments (plus the ipt_hook
# function below): anything written here runs with the privileges of the
# script that loads it, presumably root. Keep it owned by root and not
# writable by other users.
IPTABLES=/sbin/iptables # path to the iptables binary used for every rule
## WAN configuration
WAN_INT='eth0' # WAN interface
IP='42.42.42.42' # WAN IP (42.42.42.42 is a placeholder, set the real address)
PING=1 # Allow ping (ICMP echo) from the WAN; 0 to refuse it
FTP=0 # Allow FTP server (passive and active)
## LAN configuration
NAT=0 # Activate nat (need a LAN_NETWORK)
LAN_NETWORK='' # LAN network (ex: 192.168.1.0/24)
LAN=0 # Allow traffic between the WAN and LAN
LAN_INT='' # LAN interface
## Allow OUTPUT for everything
# 1 lets the host open any outgoing connection; with 0 outbound traffic is
# presumably restricted to OUPUT_DESTINATIONS below (confirm in the script).
ALLOW_WAN_OUTPUT_EVERYWHERE=1
## Allow all traffic for interface(s)
# Interfaces listed here are not filtered at all, so list only trusted ones.
# example ALLOW_INTS='br0 xenbr42'
ALLOW_INTS=''
## Output allow
# Each entry: "destination [source] protocol {port|portx:porty}[,portx:porty,port,...]"
# Ports can be numbers or service names (http, domain, ...).
# by default we allow http, https, ssh and DNS connections
# NOTE: the variable name is misspelled (OUPUT) but it is the name the
# firewall script reads; renaming it here alone would break the script.
OUPUT_DESTINATIONS=(
"0.0.0.0/0 tcp http,https,ssh,domain"
"0.0.0.0/0 udp domain"
)
## Open ports
# Each entry: "source [destination] protocol {port|portx:porty}[,portx:porty,port,...]"
# The default destination is the IP !
# example : OPEN_PORTS=("0.0.0.0/0 tcp 22"
# "42.42.42.0/24 42.42.42.42 tcp ssh,imap,imaps,1024:2048,32")
# The default below exposes ssh to every source address; narrow the source
# network (or use WHITELIST / PORT_KNOCK) when the admin hosts are known.
OPEN_PORTS=("0.0.0.0/0 tcp ssh")
## Port knocking (tcp only)
# "port[,port] knock_ports_combination"
# example : PORT_KNOCK=("22,4242 121,4353,4242,111")
PORT_KNOCK=()
## Port forwarding (to another host, see the example)
# "source port destination:port protocol" "source port destination:port protocol" ...
# example : TRAFFICS=("0.0.0.0/0 80 192.168.0.42:80 tcp" "42.42.42.42 4242 192.168.0.43:22 tcp")
TRAFFICS=()
## Port redirection (incoming port rewritten to another port on an interface)
# "interface protocol sourceport destport" ...
# example : REDIRECTIONS=("eth42 tcp 32 25" "$LAN_INT tcp 25 4242")
REDIRECTIONS=()
## Whitelist
# Source addresses that are presumably exempted from the other rules
# (confirm the exact effect in the script).
# example with an external file (it is sourced as shell too, so protect it
# like this file)
# source /etc/firewall/whitelist_ssh
# WHITELIST=("${WHITELIST[@]}")
# example : WHITELIST=("1.2.3.4" "1.3.4.4" "192.168.1.0/24")
#WHITELIST=()
## Whitelist port and protocol
# Ports presumably opened only for the WHITELIST sources; left undefined here,
# define it if the whitelist is used.
# example : WHITELIST_OPEN_PORTS=("tcp ssh,8006" "udp 4242")
# Hook point to write your own iptables rules
#######################################
# Hook for site-specific rules; prints a marker line then returns.
# Put extra "$IPTABLES" invocations below the marker; they run with the
# privileges of the script that sources this file.
# Outputs: the marker line on stdout
# Returns: status of the last command (0 as written)
#######################################
ipt_hook() {
  printf '%s\n' "+ Load your own iptables rules"
  # Write your own iptables rules here
}