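# Path to the iptables binary used to load the rules.
# (Stray '|' lines between the statements were removed: a bare '|' is a
# syntax error when this file is parsed by the shell.)
IPTABLES=/sbin/iptables

## WAN configuration
WAN_INT=''  # WAN interface
IP=''       # WAN IP

PING=1      # Allow ping (1 = allowed, 0 = not allowed)
# FTP carries credentials in cleartext; keep this at 0 unless it is required.
FTP=0       # Allow FTP server (passive and active)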
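## LAN configuration
# (Stray '|' lines between the statements were removed: a bare '|' is a
# syntax error when this file is parsed by the shell.)
NAT=0           # Activate NAT (needs LAN_NETWORK to be set)
LAN_NETWORK=''  # LAN network (ex: 192.168.1.0/24)
LAN=0           # Allow traffic between the WAN and LAN
LAN_INT=''      # LAN interface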
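## Allow all traffic for interface(s)
# Space-separated list of interface names.
# example: ALLOW_INTS='br0 xenbr42'
# Every interface listed here bypasses filtering entirely, so list only
# trusted internal interfaces (bridges, host-only links), not the WAN one.
ALLOW_INTS=''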
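## Open ports
# One quoted string per rule:
# "source [destination] protocol {porta|portx:porty},[portx:porty,porta,portb,...]" ...
# When the destination is omitted, it defaults to IP (the WAN IP).
# example: OPEN_PORTS=("0.0.0.0/0 tcp 22"
#                      "42.42.42.0/24 42.42.42.42 tcp ssh,imap,imaps,1024:2048,32")
#
# The default below accepts SSH from every source address (0.0.0.0/0).
# Where possible, replace the source with the network(s) you administer from.
OPEN_PORTS=("0.0.0.0/0 tcp ssh")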
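## Port knocking (tcp only)
# One quoted string per rule: "port knock_ports_combination"
# example: PORT_KNOCK=("22 121,4353,4242,111")
#
# A knock sequence is visible to anyone who can observe the traffic, so it
# reduces scan noise but does not replace authentication on the service.
PORT_KNOCK=()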
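## Port forwarding
# One quoted string per rule:
# "source port destination:port protocol" "source port destination:port protocol" ...
# example: TRAFFICS=("0.0.0.0/0 80 192.168.0.42:80 tcp" "42.42.42.42 4242 192.168.0.43:22 tcp")
#
# A rule with source 0.0.0.0/0 makes the internal destination reachable from
# any address; restrict the source for administrative services such as SSH.
TRAFFICS=()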
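## Port redirection
# One quoted string per rule:
# "interface protocol sourceport destport" ...
# example: REDIRECTIONS=("eth42 tcp 32 25" "$LAN_INT tcp 25 4242")
# Entries that reference $LAN_INT are expanded when this file is read, so
# LAN_INT must already be assigned at that point.
REDIRECTIONS=()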
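#######################################
# Hook point to write your own iptables rules.
# Arguments: none
# Outputs:   prints a progress line to stdout
# NOTE(review): when this hook is called relative to the generated rules is
# not visible in this file; confirm it before relying on rule order.
# (Stray '|' lines inside the function were removed: a bare '|' is a syntax
# error when this file is parsed by the shell.)
#######################################
ipt_hook() {
  printf '%s\n' "+ Load your own iptables rules"
  # Write your own iptables rules here
}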