diff --git a/conf/default_basic_behavior.conf b/conf/default_basic_behavior.conf index 0a6fa4b..db743fb 100644 --- a/conf/default_basic_behavior.conf +++ b/conf/default_basic_behavior.conf @@ -62,7 +62,7 @@ allow_speedtest=true # Gaming # # Playstation (PS), Xbox, FiFa -# +# allow_game_xbox_one_out=false allow_game_xbox_360_out=false allow_game_ps3_out=false @@ -82,10 +82,10 @@ allow_game_call_of_duty=false # - Services allowed between local networks # --- -# - These Parameters are only considered, if traffic -# - between local networks are not permitted, thats +# - These Parameters are only considered, if traffic +# - between local networks are not permitted, thats # - if 'permit_between_local_networks=false' (see below). -# - +# - allow_ssh_between_local_nets=true allow_samba_between_local_nets=false allow_ldap_between_local_nets=false @@ -116,8 +116,8 @@ permit_all_icmp_traffic=true # - provide_mailservice_from_local=true -# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. -# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, +# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. +# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, # - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters. # - create_iperf_rules=false 
@@ -128,6 +128,38 @@ create_iperf_rules=false # --- Router IPv4 # ============= +# - Activate forwarding +# - +# - Enable/disable forwarding to and between interfaces +# - +kernel_activate_forwarding=true + +# - Activate kernel support for dynamic IP adresses +# - (not needed in case of static IP) +# - +# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt +# - +# - The values for the ip_dynaddr sysctl are [*]: +# - +# - 1: To enable: +# - 2: To enable verbosity: +# - +# - [*] At boot, by default no address rewriting is attempted. +# - [**] This code is currently totaly untested. +# - +# - Flags can be combined by adding them. Common settings +# - would be: +# - +# - To enable rewriting in quiet mode: +# - # echo 1 > /proc/sys/net/ipv4/ip_dynaddr +# - To enable rewriting in verbose mode: +# - # echo 2 > /proc/sys/net/ipv4/ip_dynaddr +# - ... +# - +kernel_support_dynaddr=true +default_dynaddr_flag=2 + + # - Set to "true" to secure/tune the kernel # - adjust_kernel_parameters=true diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample index b27d39f..5bd870e 100644 --- a/conf/main_ipv4.conf.sample +++ b/conf/main_ipv4.conf.sample @@ -1989,7 +1989,7 @@ kernel_activate_forwarding=true # - ... # - kernel_support_dynaddr=true -dynaddr_flag="3" +dynaddr_flag="$default_dynaddr_flag" # - Reduce DoS'ing ability by reducing timeouts # - diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway index 8b72afa..5405e8b 100755 --- a/ipt-firewall-gateway +++ b/ipt-firewall-gateway 
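Review bot: The new comment block above `kernel_support_dynaddr` states the feature is "not needed in case of static IP", yet the shipped default turns it on and pairs it with `default_dynaddr_flag=2`, which the same block documents as the verbose mode; unless gateways with dynamic uplinks are the expected deployment, `kernel_support_dynaddr=false` (or at least `default_dynaddr_flag=1`) would match the comment's own advice and avoid a kernel log line per rewritten connection. The `[*]`/`[**]` footnotes are lifted from the linked tutorial, `[**]` is never referenced, and "This code is currently totaly untested" reads as a statement about this project rather than the tutorial; trimming the block to the value meanings, e.g. `# - 1: enable address rewriting` and `# - 2: enable rewriting and log each rewrite`, plus `adresses` → `addresses`, would make it unambiguous. Both new keys are unquoted while the sample config quotes `dynaddr_flag="..."`; since the shell script sources these files, either form works, but one style per file is easier to audit.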
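Review bot: `dynaddr_flag="$default_dynaddr_flag"` in main_ipv4.conf.sample only resolves if default_basic_behavior.conf is sourced before this file; the sourcing order is not visible in this diff, and if the order is reversed the value is an empty string, which the script then silently replaces with the default. It is worth confirming that order and noting it in the comment above the key, e.g. `# - defaults to default_dynaddr_flag from default_basic_behavior.conf`. This also changes the effective sample value from 3 to 2 without a changelog mention, which users who copy the sample may not expect.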
@@ -156,13 +156,20 @@ else
 echo_done
 fi
 
+if [[ -z "$dynaddr_flag" ]] ; then
+ dynaddr_flag=$default_dynaddr_flag
+fi
 if $kernel_support_dynaddr ; then
 echononl "\tActivate kernel support for dynamic addresses.."
- if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+ if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-3]+$ ]]; then
 echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
 echo_done
 else
 echo_failed
+
+ echononl "\t\tSet '/proc/sys/net/ipv4/ip_dynaddr' to '2'"
+ echo 2 > /proc/sys/net/ipv4/ip_dynaddr
+ echo_done
 fi
 else
 echo 0 > /proc/sys/net/ipv4/ip_dynaddr
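Review bot: The tightened pattern `^-?[0-3]+$` still lets a negative or multi-digit string such as `-1` or `33` be written to `/proc/sys/net/ipv4/ip_dynaddr`, because `+` permits any number of repetitions and the optional leading `-` was kept; if the intent is to accept exactly one of the documented values, use `if [[ $dynaddr_flag =~ ^[0-3]$ ]]; then` (the `-n` test is then redundant, since an empty string cannot match). The new fallback branch writes a fixed `2` but the message does not say why, so a typo in the config is indistinguishable from a missing key in the output; `echononl "\t\tInvalid dynaddr_flag '$dynaddr_flag' - setting '/proc/sys/net/ipv4/ip_dynaddr' to '2'"` would surface the rejected value. Note that the added `-z` assignment leaves `dynaddr_flag` empty when `default_dynaddr_flag` is also unset (older config files), which then takes the same fallback path. The enclosing `if $kernel_support_dynaddr` block closes outside the hunk.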