"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "etc/arno-iptables-firewall/firewall.conf" between
aif-2.1.0.tar.gz and aif-2.1.1.tar.gz

About: Arno’s iptables firewall is a stateful firewall script for both single and multi-homed machines with DSL/ADSL support.

firewall.conf  (aif-2.1.0):firewall.conf  (aif-2.1.1)
skipping to change at line 250 skipping to change at line 250
# (IPv6 and non-NAT'ed IPv4 Only) # (IPv6 and non-NAT'ed IPv4 Only)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
INET_FORWARD_TCP="" INET_FORWARD_TCP=""
INET_FORWARD_UDP="" INET_FORWARD_UDP=""
INET_FORWARD_IP="" INET_FORWARD_IP=""
################################################################################ ################################################################################
# General settings # # General settings #
################################################################################ ################################################################################
# (EXPERT SETTING!) Location of the environment file
# ------------------------------------------------------------------------------
ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
# (EXPERT SETTING!) Location of plugin binary & config files
# ------------------------------------------------------------------------------
PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
# Most people don't want to get any firewall logs being spit to the console. # Most people don't want to get any firewall logs being spit to the console.
# This option makes the kernel ring buffer only log messages with level # This option makes the kernel ring buffer only log messages with level
# "panic". # "panic".
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
DMESG_PANIC_ONLY=1 DMESG_PANIC_ONLY=1
# Enable this if you want TOS mangling (RFC) # Enable this if you want TOS mangling (RFC)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
MANGLE_TOS=0 MANGLE_TOS=0
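Review bot: ENV_FILE, PLUGIN_BIN_PATH and PLUGIN_CONF_PATH are dropped from the "General settings" block with nothing left behind to say where these locations are now defined. All three were marked EXPERT SETTING, so some installs will have overridden them; a one-line comment here or a changelog entry should state whether a value still present in an existing firewall.conf is honoured or ignored. Because these paths select the environment file and plugin files the firewall script uses, an ignored override would deserve a warning at startup.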
skipping to change at line 521 skipping to change at line 512
# Enable logging of normal connection attempts to "other-IP"-protocols (non # Enable logging of normal connection attempts to "other-IP"-protocols (non
# TCP/UDP/ICMP/IGMP). # TCP/UDP/ICMP/IGMP).
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
OTHER_IP_LOG=1 OTHER_IP_LOG=1
# Enable logging for ICMP flooding. # Enable logging for ICMP flooding.
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
ICMP_FLOOD_LOG=1 ICMP_FLOOD_LOG=1
# (EXPERT SETTING!) The location of the dedicated firewall log file. When # (EXPERT SETTING!) Log-level used for logging to syslog. The default is "info"
# enabled the firewall script will also log start/stop etc. info to this file # but "debug" can be used to have (legacy) syslogd log to
# as well. Note that in order to make this work, you should also configure # /var/log/arno-iptables-firewall. Note that this also requires you to
# syslogd to log firewall messages to this file (see LOGLEVEL below for further # modify your syslogd.conf (see examples on how to). Most (if not all) newer
# info). # distributions use rsyslogd which works much better out of the box, so in most
# ------------------------------------------------------------------------------ # cases you can leave this setting as is.
#FIREWALL_LOG="/var/log/firewall.log"
# (EXPERT SETTING!) Current log-level ("info": default kernel syslog level)
# "debug": can be used to log to /var/log/firewall.log, but you have to
# configure syslogd accordingly (see included syslogd.conf examples).
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
LOGLEVEL="info" LOGLEVEL="info"
# Put in the following variables which hosts you want to log certain incoming # Put in the following variables which hosts you want to log certain incoming
# connection attempts for. # connection attempts for.
# TCP/UDP port format (LOG_HOST_INPUT_xxx): # TCP/UDP port format (LOG_HOST_INPUT_xxx):
# "host1,host2~port1,port2 host3,host4~port3,port4 ..." # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
# #
# IP protocol format (LOG_HOST_INPUT_IP): # IP protocol format (LOG_HOST_INPUT_IP):
# "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..." # "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..."
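Review bot: the rewritten LOGLEVEL comment names /var/log/arno-iptables-firewall as the "debug" target, while the removed text and the removed FIREWALL_LOG default both used /var/log/firewall.log, and the pointer to the examples was weakened from "see included syslogd.conf examples" to "see examples on how to". Suggest restoring the explicit reference to the included syslogd.conf examples and saying that the path changed, so log rotation and monitoring tied to the old file get updated. The removed FIREWALL_LOG comment also said the script logged start/stop info to that file; the new text does not say where that information goes now.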
skipping to change at line 652 skipping to change at line 638
# routed back along the path from which it came, namely outside, so attackers # routed back along the path from which it came, namely outside, so attackers
# can compromise your network. Source routing is rarely used for legitimate # can compromise your network. Source routing is rarely used for legitimate
# purposes, so normally you should always leave this enabled(1)! # purposes, so normally you should always leave this enabled(1)!
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
SOURCE_ROUTE_PROTECTION=1 SOURCE_ROUTE_PROTECTION=1
# Here we set the local port range (ports from which connections are # Here we set the local port range (ports from which connections are
# initiated from our site). Don't mess with this unless you really know what # initiated from our site). Don't mess with this unless you really know what
# you are doing! # you are doing!
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
LOCAL_PORT_RANGE="32768 61000" LOCAL_PORT_RANGE="32768 60999"
# Here you can change the default TTL used for sending packets. The value # Here you can change the default TTL used for sending packets. The value
# should be between 10 and 255. Don't mess with this unless you really know # should be between 10 and 255. Don't mess with this unless you really know
# what you are doing! # what you are doing!
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
DEFAULT_TTL=64 DEFAULT_TTL=64
# In most cases pmtu discovery is ok, but in some rare cases (when having # In most cases pmtu discovery is ok, but in some rare cases (when having
# problems) you might want to disable it. # problems) you might want to disable it.
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
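Review bot: the LOCAL_PORT_RANGE upper bound changes from 61000 to 60999, but the comment above it is unchanged and gives no reason. Add a line stating whether the bounds are inclusive and why 60999 is the new default, so that anyone whose own rules were written against the old range knows port 61000 may no longer be used as a local source port.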
 End of changes. 3 change blocks. 
21 lines changed or deleted 7 lines changed or added
