############################################################################### # Do not edit the lfirewall.conf directly # # Instead copy it first and edit the lfirewall.conf.local # # # # cp /etc/lfirewall/lfirewall.conf /etc/lfirewall/lfirewall.conf.local # ############################################################################### # Firewall configuration file # Uncomment the services you need there #The network interface to use (uncomment and change value if needed) #NETWORK_IF=eth0 ################################# # Logging # ################################# # Set ACTIVATE_LOGGING to 1 # will activate logs # Set ACTIVATE_LOGGING to 0 # will disable logs #ACTIVATE_LOGGING=0 ################################# # Additional network tweaks # ################################# # Set ALLOW_IP_FORWARDING to 1 # if IP forwarding is needed # Set ALLOW_IP_FORWARDING to 0 # will write 0 into /proc/sys/net/ipv4/ip_forward #ALLOW_IP_FORWARDING=0 # Set NETWORK_PROTECTION to 1 # to block additional network features from the kernel # Set NETWORK_PROTECTION to 0 # will do nothing #NETWORK_PROTECTION=1 ################################# # Services that the system will # # offer to the network # ################################# # SSH SSH_PORT="22" TCP_SERVICES="22" # Web server #TCP_SERVICES="http https $TCP_SERVICES" # SAMBA #SAMBA_PORTS="137 138 139" #TCP_SERVICES="$TCP_SERVICES $SAMBA_PORTS" # SAMBA: if you are using Active Directory #TCP_SERVICES="$TCP_SERVICES 445" #TCP_SERVICES=$TCP_SERVICES" 10021 10023:10999" # vsFTP UDP_SERVICES="" ################################# # Services the system will use # # from the network # ################################# # These services will not be accessible from the current # server until they are allowed #REMOTE_TCP_SERVICES="80 443" # Web browsing REMOTE_TCP_SERVICES="22 $REMOTE_TCP_SERVICES" # SSH #REMOTE_TCP_SERVICES="20 $REMOTE_TCP_SERVICES" # FTP REMOTE_TCP_SERVICES="$REMOTE_TCP_SERVICES $SAMBA_PORTS" REMOTE_UDP_SERVICES="53" # DNS