root 2017-03-18 17:35:07 +01:00
commit d4ae628145
3 changed files with 29 additions and 17 deletions

19
INSTALL

@ -16,17 +16,16 @@ cp ip6t-firewall-gateway /usr/local/sbin/
# --- # ---
mkdir -p /etc/ipt-firewall mkdir -p /etc/ipt-firewall
cp default_ports.conf \ cp conf/default_ports.conf \
include_functions.conf \ conf/include_functions.conf \
interfaces.conf \ conf/load_modules_ipv4.conf \
load_modules_ipv4.conf \ conf/load_modules_ipv6.conf \
load_modules_ipv6.conf \ conf/logging_ipv4.conf \
logging_ipv4.conf \ conf/logging_ipv6.conf \
logging_ipv6.conf \ conf/post_decalrations.conf /etc/ipt-firewall/
post_decalrations.conf /etc/ipt-firewall/
cp interfaces_ipv4.conf.sample /etc/ipt-firewall/interfaces_ipv4.conf cp conf/interfaces_ipv4.conf.sample /etc/ipt-firewall/interfaces_ipv4.conf
cp main_ipv4.conf.sample /etc/ipt-firewall/main_ipv4.conf cp conf/main_ipv4.conf.sample /etc/ipt-firewall/main_ipv4.conf
# - Adjust files # - Adjust files
# - /etc/ipt-firewall/interfaces_ipv4.conf # - /etc/ipt-firewall/interfaces_ipv4.conf


@ -202,6 +202,7 @@ six_pop_server=deham01.sixxs.net
# ====== # ======
# - VPN Service on Gateway? # - VPN Service on Gateway?
# -
local_vpn_service=true local_vpn_service=true
vpn_gw_ports="1194 1195 1196" vpn_gw_ports="1194 1195 1196"
@ -222,6 +223,7 @@ declare -A vpn_server_dmz_arr
# - Local VPN Ports # - Local VPN Ports
# - # -
# - Blank separated list # - Blank separated list
# -
vpn_local_net_ports="1194" vpn_local_net_ports="1194"
@ -534,6 +536,7 @@ snmp_port="161"
# - NOT YET IMPLEMENTED # - NOT YET IMPLEMENTED
# - Mumble ports # - Mumble ports
# -
mumble_ports="64738" mumble_ports="64738"
@ -547,7 +550,7 @@ local_xymon_server=false
# - XyMon Service (usually TCP port 1984) # - XyMon Service (usually TCP port 1984)
# - # -
# - Comma separated list of ip's # - Blank separated list of ip's
# - # -
xymon_server_ips="" xymon_server_ips=""
local_xymon_client="" local_xymon_client=""
@ -754,6 +757,8 @@ brscan_port=54921
# - Dont't foregt to add ip-adresses also to http(s) service if the # - Dont't foregt to add ip-adresses also to http(s) service if the
# - systems provide webinterfaces! # - systems provide webinterfaces!
# - # -
# - Blank seoarated list
# -
tele_sys_ips="" tele_sys_ips=""
tele_sys_remote_sip_server_port=5060 tele_sys_remote_sip_server_port=5060
tele_sys_local_sip_server_port=5067 tele_sys_local_sip_server_port=5067
@ -809,7 +814,9 @@ other_services=""
# - # -
# - 192.168.64.55: Repeater TP-Link TL-WA850RE # - 192.168.64.55: Repeater TP-Link TL-WA850RE
# - # -
masquerade_tcp_cons="192.168.63.0/24:192.168.64.55:80:${local_if_1}" # - Blank separated list
# -
masquerade_tcp_cons=""
# ============= # =============
@ -961,6 +968,8 @@ allow_remote_mac_src_addresses=""
# - 61.160.0.0/16 - CHINANET-JS # - 61.160.0.0/16 - CHINANET-JS
# - 116.8.0.0/14 CHINANET-GX # - 116.8.0.0/14 CHINANET-GX
# - # -
# - Blank separated list
# -
blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14" blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
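Review bot: The comment added above `tele_sys_ips` is misspelled (`# - Blank seoarated list`); it should read `# - Blank separated list`, matching the other markers this commit adds. In the XyMon hunk the documented format of `xymon_server_ips` changes from comma separated to blank separated, yet none of the three changed files is the script that consumes it. It is worth confirming that the firewall script really splits this variable on whitespace, because a value written in the other format could leave the intended rule missing or malformed without any visible error. Other list variables in this configuration set are still documented as comma separated, so a short header comment stating which variables use which separator would help.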


@ -198,6 +198,7 @@ forward_private_ips=""
# ====== # ======
# - VPN Service on Gateway? # - VPN Service on Gateway?
# -
local_vpn_service=true local_vpn_service=true
vpn_gw_ports="1194 1195 1196" vpn_gw_ports="1194 1195 1196"
@ -218,6 +219,7 @@ declare -A vpn_server_dmz_arr
# - Local VPN Ports # - Local VPN Ports
# - # -
# - Blank separated list # - Blank separated list
# -
vpn_local_net_ports="1194" vpn_local_net_ports="1194"
@ -280,7 +282,6 @@ ssh_server_only_local_ips=""
# - Multiple settins of this parameter is possible # - Multiple settins of this parameter is possible
# - # -
declare -A ssh_server_dmz_arr declare -A ssh_server_dmz_arr
ssh_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1
# - SSH Ports # - SSH Ports
@ -339,7 +340,7 @@ declare -A http_ssl_server_dmz_arr
# - # -
# - comma separated list # - comma separated list
# - # -
http_ports="80,443" http_ports="$standard_http_ports"
# ====== # ======
@ -350,7 +351,7 @@ http_ports="80,443"
# - # -
# - NOT YET IMPLEMENTED # - NOT YET IMPLEMENTED
# - # -
#local_mail_service=false local_mail_service=false
# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks # - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
@ -378,7 +379,7 @@ declare -A mail_server_dmz_arr
# - # -
# - comma separated list # - comma separated list
# - # -
mail_user_ports="587,465,110,995,143,993" mail_user_ports="$standard_mailuser_ports"
# - Mail Server (local Networks) SMTP Port # - Mail Server (local Networks) SMTP Port
@ -518,6 +519,7 @@ snmp_port="161"
# - NOT YET IMPLEMENTED # - NOT YET IMPLEMENTED
# - Mumble ports # - Mumble ports
# -
mumble_ports="64738" mumble_ports="64738"
@ -739,6 +741,8 @@ brscan_port=54921
# - Dont't foregt to add ip-adresses also to http(s) service if the # - Dont't foregt to add ip-adresses also to http(s) service if the
# - systems provide webinterfaces! # - systems provide webinterfaces!
# - # -
# - Blank separated list
# -
tele_sys_ips="" tele_sys_ips=""
tele_sys_remote_sip_server_port=5060 tele_sys_remote_sip_server_port=5060
tele_sys_local_sip_server_port=5067 tele_sys_local_sip_server_port=5067
@ -864,7 +868,7 @@ vpn_out_ports="1194 1195 1196"
allow_ssh_between_local_nets=true allow_ssh_between_local_nets=true
allow_samba_between_local_nets=false allow_samba_between_local_nets=false
allow_ldap_between_local_nets=false allow_ldap_between_local_nets=false
allow_printing_between_local_nets=false allow_printing_between_local_nets=true
allow_scanning_between_local_nets=true allow_scanning_between_local_nets=true
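Review bot: The last hunk appears to switch `allow_printing_between_local_nets` from `false` to `true` in what the INSTALL section suggests is a shipped sample configuration, so a fresh install would start with printing traffic permitted between local networks. Unless that is the intended default, keep `allow_printing_between_local_nets=false` and let each site opt in, as with the samba and ldap switches beside it. Separately, `http_ports="$standard_http_ports"` and `mail_user_ports="$standard_mailuser_ports"` expand to empty strings if the file defining those variables (presumably `default_ports.conf`) is not sourced first. A comment such as `# - requires default_ports.conf to be loaded before this file` would document that dependency. The comments above both settings still say "comma separated list", which should be checked against the format the `standard_*` variables actually hold.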