- Add 'any_access_from_inet_networks'

- Add 'allow_ext_net_to_local_service'
- Add 'allow_ext_net_to_local_net'
- Add 'block_all_ext_to_local_net'

conf/main_ipv4.conf.sample

@@ -50,6 +50,97 @@ unprotected_ifs=""
 any_access_to_inet_networks=""
 
 
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                      86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
 
 # =============
 # - Allow local services from given local networks