- Add 'any_access_from_inet_networks'

- Add 'allow_ext_net_to_local_service' - Add 'allow_ext_net_to_local_net' - Add 'block_all_ext_to_local_net'
2017-05-04 01:22:52 +02:00
parent 528b43ff11
commit a2fe7ce5ff
5 changed files with 430 additions and 11 deletions
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -50,6 +50,82 @@ unprotected_ifs=""
 any_access_to_inet_networks=""


+# - Allow these networks getting any access from the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net,local-address,port,protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 2001:6f8:107e:63::20/128 to ssh service at 2a01:30:1fff:fd00::210 on port 1036
+# -    allow access from 2a01:30:0:13:5054:ff:fe09:2318/64 to https service at 2a01:30:1fff:fd00::204
+# -
+# -    allow_ext_net_to_local_service="2001:6f8:107e:63::20/128,2a01:30:1fff:fd00::210,1036,tcp 
+# -                                    2a01:30:0:13:5054:ff:fe09:2318/64,2a01:30:1fff:fd00::204,$standard_https_port,tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>,<dst-local-net> [<src-ext-net>,<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="2a01:30:0:13:5054:ff:fe09:2318/64,2a01:30:1fff:fd00::0/64
+# -                               2001:6f8:107e:63::/64,2a01:30:ff:fd00::204/128"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net="2a01:30:0:13:5054:ff:fe09:2318/64,2001:6f8:107e:63::/64
+                            2a01:30:1fff:fd00::0/64,2001:6f8:107e:63::20"
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Example:
+# -    block_all_ext_to_local_net="2a01:30:1fff:fd01::1/64 2a01:30:1fff:fd04::1/64"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+

 # =============
 # - Allow local services from given local networks