authorJérôme Schneider <jschneider@entrouvert.com>2011-06-21 12:21:52 (GMT)
committerJérôme Schneider <jschneider@entrouvert.com>2011-06-21 12:21:52 (GMT)
commit6a34b1697ea9f1955ee3b75809b3cd388790a8ec (patch)
treedbc72bb0fb5a9ec1cb26d66e89267a5e16217c77 /firewall.conf
parentb4601423a0a44fc27130f87133c05cf001344094 (diff)
Add port knocking and support save and load rules
* Support port knocking
* Add a test option
* Add save and load of the rules
* Modify states to support the latest iptables version
* Add logrotate support for the Debian packages
Diffstat (limited to 'firewall.conf')
-rw-r--r--firewall.conf8
1 files changed, 7 insertions, 1 deletions
diff --git a/firewall.conf b/firewall.conf
index 2325402..5ce3764 100644
--- a/firewall.conf
+++ b/firewall.conf
@@ -20,9 +20,15 @@ ALLOW_INTS=''
## Open ports
# "source [destination] protocole {porta|portx:porty},[portx:porty,porta,portb,...]" ...
# The default destination is the IP !
-# example : OPEN_PORTS=("0.0.0.0/0 tcp 22" "42.42.42.0/24 42.42.42.42 tcp ssh,imap,imaps,1024:2048,32")
+# example : OPEN_PORTS=("0.0.0.0/0 tcp 22"
+# "42.42.42.0/24 42.42.42.42 tcp ssh,imap,imaps,1024:2048,32")
OPEN_PORTS=("0.0.0.0/0 tcp ssh")
+## Port knocking
+# "port knock_ports_combinaison"
+# example : PORT_KNOCK("22 121,4353,4242,111")
+PORT_KNOCK=()
+
## Port forwarding
# "source port destination:port protocol" "source port destination:port protocol" ...
# example : TRAFFICS=("0.0.0.0/0 80 192.168.0.42:80 tcp" "42.42.42.42 4242 192.168.0.43:22 tcp")
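Review bot: The added example line `# example : PORT_KNOCK("22 121,4353,4242,111")` is missing the `=`, so it does not match the array-assignment form of the other examples and fails if copied as written; it should read `# example : PORT_KNOCK=("22 121,4353,4242,111")`. The knock sequence works as a shared secret, yet the index line shows mode 100644, so any local account can read it. I would add a comment such as `# The knock sequence is a secret: keep this file readable by root only (chmod 600)` and tighten the packaged mode to match. The section should also state that a knock sequence can be observed on the wire and replayed, so it supplements SSH authentication rather than replacing it. Presumably (the script itself is not in this hunk) port 22 also has to be removed from the default `OPEN_PORTS=("0.0.0.0/0 tcp ssh")` before the knock gates anything, which is worth confirming and documenting here.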