Home Explore Help
Sign In
lhubert
/
lfirewall
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e2d565490a
Branches Tags
lfirewall
/
etc
/
lfirewall.conf

lfirewall.conf 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. ###############################################################################
    2. 

  2. # Do not edit the lfirewall.conf directly                                     #
    3. 

  3. # Instead copy it first and edit the lfirewall.conf.local                     #
    4. 

  4. #                                                                             #
    5. 

  5. # cp /etc/lfirewall/lfirewall.conf /etc/lfirewall/lfirewall.conf.local        #
    6. 

  6. ###############################################################################
    7. 

  7. 

  8. # Firewall configuration file
    9. 

  9. # Uncomment the services you need there
    10. 

  10. 

  11. #The network interface to use (uncomment and change value if needed)
    12. 

  12. #NETWORK_IF=eth0
    13. 

  13. 

  14. #################################
    15. 

  15. # Logging     #
    16. 

  16. #################################
    17. 

  17. # Set ACTIVATE_LOGGING to 1
    18. 

  18. #     will activate logs
    19. 

  19. # Set ACTIVATE_LOGGING to 0
    20. 

  20. #     will disable logs
    21. 

  21. #ACTIVATE_LOGGING=0
    22. 

  22. 

  23. 

  24. #################################
    25. 

  25. # Additional network tweaks     #
    26. 

  26. #################################
    27. 

  27. # Set ALLOW_IP_FORWARDING to 1
    28. 

  28. #     if IP forwarding is needed
    29. 

  29. #ALLOW_IP_FORWARDING=0
    30. 

  30. ### WARNING: better solution is to use /etc/sysctl.conf
    31. 

  31. 

  32. 

  33. # Set NETWORK_PROTECTION to 1
    34. 

  34. #    to block additional network features from the kernel
    35. 

  35. # Set NETWORK_PROTECTION to 0
    36. 

  36. #     will do nothing
    37. 

  37. #NETWORK_PROTECTION=1
    38. 

  38. 

  39. #################################
    40. 

  40. # Services that the system will #
    41. 

  41. # offer to the network          #
    42. 

  42. #################################
    43. 

  43. 

  44. # SSH
    45. 

  45. SSH_PORT="22"
    46. 

  46. 

  47. TCP_SERVICES="22"
    48. 

  48. 

  49. # Web server
    50. 

  50. #TCP_SERVICES="http https $TCP_SERVICES"
    51. 

  51. 

  52. # SAMBA
    53. 

  53. #SAMBA_PORTS="137 138 139"
    54. 

  54. #TCP_SERVICES="$TCP_SERVICES $SAMBA_PORTS"
    55. 

  55. 

  56. # SAMBA: if you are using Active Directory
    57. 

  57. #TCP_SERVICES="$TCP_SERVICES 445"
    58. 

  58. 

  59. #TCP_SERVICES=$TCP_SERVICES" 10021 10023:10999" # vsFTP
    60. 

  60. 

  61. UDP_SERVICES=""
    62. 

  62. 

  63. #################################
    64. 

  64. # Services the system will use  #
    65. 

  65. # from the network              #
    66. 

  66. #################################
    67. 

  67. # These services will not be accessible from the current
    68. 

  68. # server until they are allowed
    69. 

  69. #REMOTE_TCP_SERVICES="80 443" # Web browsing
    70. 

  70. REMOTE_TCP_SERVICES="22 $REMOTE_TCP_SERVICES" # SSH
    71. 

  71. #REMOTE_TCP_SERVICES="20 $REMOTE_TCP_SERVICES" # FTP
    72. 

  72. 

  73. REMOTE_TCP_SERVICES="$REMOTE_TCP_SERVICES $SAMBA_PORTS"
    74. 

  74. 

  75. REMOTE_UDP_SERVICES="53" # DNS
    76. 

  76. 

  77. BANNED_LISTS="et_spamhaus spamhaus_drop et_dshield"
    78.