diff --git a/INSTALL b/INSTALL index 1bf8dff..72cb8a9 100644 --- a/INSTALL +++ b/INSTALL @@ -16,17 +16,16 @@ cp ip6t-firewall-gateway /usr/local/sbin/ # --- mkdir -p /etc/ipt-firewall -cp default_ports.conf \ - include_functions.conf \ - interfaces.conf \ - load_modules_ipv4.conf \ - load_modules_ipv6.conf \ - logging_ipv4.conf \ - logging_ipv6.conf \ - post_decalrations.conf /etc/ipt-firewall/ +cp conf/default_ports.conf \ + conf/include_functions.conf \ + conf/load_modules_ipv4.conf \ + conf/load_modules_ipv6.conf \ + conf/logging_ipv4.conf \ + conf/logging_ipv6.conf \ + conf/post_decalrations.conf /etc/ipt-firewall/ -cp interfaces_ipv4.conf.sample /etc/ipt-firewall/interfaces_ipv4.conf -cp main_ipv4.conf.sample /etc/ipt-firewall/main_ipv4.conf +cp conf/interfaces_ipv4.conf.sample /etc/ipt-firewall/interfaces_ipv4.conf +cp conf/main_ipv4.conf.sample /etc/ipt-firewall/main_ipv4.conf # - Adjust files # - /etc/ipt-firewall/interfaces_ipv4.conf diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample index 2e6aa1f..2fb9b32 100644 --- a/conf/main_ipv4.conf.sample +++ b/conf/main_ipv4.conf.sample @@ -202,6 +202,7 @@ six_pop_server=deham01.sixxs.net # ====== # - VPN Service on Gateway? +# - local_vpn_service=true vpn_gw_ports="1194 1195 1196" @@ -222,6 +223,7 @@ declare -A vpn_server_dmz_arr # - Local VPN Ports # - # - Blank separated list +# - vpn_local_net_ports="1194" @@ -534,6 +536,7 @@ snmp_port="161" # - NOT YET IMPLEMENTED # - Mumble ports +# - mumble_ports="64738" @@ -547,7 +550,7 @@ local_xymon_server=false # - XyMon Service (usually TCP port 1984) # - -# - Comma separated list of ip's +# - Blank separated list of ip's # - xymon_server_ips="" local_xymon_client="" @@ -754,6 +757,8 @@ brscan_port=54921 # - Dont't foregt to add ip-adresses also to http(s) service if the # - systems provide webinterfaces! # - +# - Blank seoarated list +# - tele_sys_ips="" tele_sys_remote_sip_server_port=5060 tele_sys_local_sip_server_port=5067 
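Review bot: The comment added above `tele_sys_ips` in the last conf/main_ipv4.conf.sample hunk on this line reads `# - Blank seoarated list`, which is a typo. It should be `# - Blank separated list`, matching the wording used in the corresponding hunk of conf/main_ipv6.conf.sample. Operators rely on these separator hints when filling in address lists, so the wording should be identical in both samples.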
@@ -809,7 +814,9 @@ other_services="" # - # - 192.168.64.55: Repeater TP-Link TL-WA850RE # - -masquerade_tcp_cons="192.168.63.0/24:192.168.64.55:80:${local_if_1}" +# - Blank separated list +# - +masquerade_tcp_cons="" # ============= @@ -961,6 +968,8 @@ allow_remote_mac_src_addresses="" # - 61.160.0.0/16 - CHINANET-JS # - 116.8.0.0/14 CHINANET-GX # - +# - Blank separated list +# - blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14" diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample index ced81bc..638cbce 100644 --- a/conf/main_ipv6.conf.sample +++ b/conf/main_ipv6.conf.sample @@ -198,6 +198,7 @@ forward_private_ips="" # ====== # - VPN Service on Gateway? +# - local_vpn_service=true vpn_gw_ports="1194 1195 1196" @@ -218,6 +219,7 @@ declare -A vpn_server_dmz_arr # - Local VPN Ports # - # - Blank separated list +# - vpn_local_net_ports="1194" @@ -280,7 +282,6 @@ ssh_server_only_local_ips="" # - Multiple settins of this parameter is possible # - declare -A ssh_server_dmz_arr -ssh_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1 # - SSH Ports @@ -339,7 +340,7 @@ declare -A http_ssl_server_dmz_arr # - # - comma separated list # - -http_ports="80,443" +http_ports="$standard_http_ports" # ====== @@ -350,7 +351,7 @@ http_ports="80,443" # - # - NOT YET IMPLEMENTED # - -#local_mail_service=false +local_mail_service=false # - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks @@ -378,7 +379,7 @@ declare -A mail_server_dmz_arr # - # - comma separated list # - -mail_user_ports="587,465,110,995,143,993" +mail_user_ports="$standard_mailuser_ports" # - Mail Server (local Networks) SMTP Port @@ -518,6 +519,7 @@ snmp_port="161" # - NOT YET IMPLEMENTED # - Mumble ports +# - mumble_ports="64738" 
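Review bot: With `masquerade_tcp_cons=""` the sample no longer shows what an entry looks like, because the removed value was the only example of the format visible in this hunk. Consider adding a format line to the comment, for instance `# - <src-net>:<dst-ip>:<dst-port>:<interface>`. The field meanings are inferred from the removed value, so confirm them against the script. The comment block begins above the hunk and may already describe the format.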
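Review bot: `http_ports="$standard_http_ports"` in conf/main_ipv6.conf.sample silently expands to an empty string if `standard_http_ports` is not set when this file is sourced, and nothing in the hunk shows where it is defined. The same holds for `mail_user_ports="$standard_mailuser_ports"` in the @@ -378 hunk. The variables presumably come from default_ports.conf, so the required load order should be stated in the comment, e.g. `# - defined in default_ports.conf (must be sourced first)`. Keeping the old values as fallbacks, `http_ports="${standard_http_ports:-80,443}"` and `mail_user_ports="${standard_mailuser_ports:-587,465,110,995,143,993}"`, would stop a missing include from changing which ports the rules cover. Both comments still say "comma separated list", so the defaults need to use that separator too.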
@@ -739,6 +741,8 @@ brscan_port=54921 # - Dont't foregt to add ip-adresses also to http(s) service if the # - systems provide webinterfaces! # - +# - Blank separated list +# - tele_sys_ips="" tele_sys_remote_sip_server_port=5060 tele_sys_local_sip_server_port=5067 @@ -864,7 +868,7 @@ vpn_out_ports="1194 1195 1196" allow_ssh_between_local_nets=true allow_samba_between_local_nets=false allow_ldap_between_local_nets=false -allow_printing_between_local_nets=false +allow_printing_between_local_nets=true allow_scanning_between_local_nets=true
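Review bot: The last hunk changes the sample default to `allow_printing_between_local_nets=true`, so anyone who copies the sample unchanged permits printing traffic between all local networks. A shipped sample is safer with the restrictive value `allow_printing_between_local_nets=false`, as the adjacent samba and ldap settings have, leaving each site to enable it deliberately. If `true` is intended, a comment line such as `# - enabled by default: printers are usually shared across local nets` would record the reason. This diff has no matching change in conf/main_ipv4.conf.sample, so the two samples may now disagree on this setting.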