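#!/usr/bin/env bash

# =============
# --- Basic behavior
# =============
#
# Boolean switches (true/false) kept as plain shell variables, one
# assignment per line. The file must keep that layout: if it is collapsed
# onto a single line, everything after the first '#' becomes a comment and
# no switch is set.
#
# NOTE(review): presumably read by the firewall script that sources this
# file - confirm. Nothing in this file applies a rule by itself.

# ---
# - Services allowed out to the world wide web
# ---
#
# NOTE(review): every switch in this section except the gaming entries is
# enabled. Treat this as a template and set each service that is not
# actually needed to false (least privilege for egress).

allow_ssh_request_out=true
allow_http_request_out=true
allow_smtp_request_out=true
allow_mail_request_out=true

# NOTE(review): FTP and TFTP (and Telnet further down) carry data and
# credentials unencrypted; TFTP has no authentication at all. Disable
# these unless a concrete need exists.
allow_ftp_request_out=true
allow_tftp_request_out=true

allow_ntp_request_out=true
allow_timeserver_request_out=true
allow_pgpserver_request_out=true
allow_telnet_request_out=true
allow_whois_request_out=true
allow_cpan_wait_request_out=true
allow_hbci_request_out=true
allow_jabber_request_out=true
allow_silc_request_out=true
allow_irc_request_out=true

# NOTE(review): database and out-of-band management protocols leaving the
# network are rarely required; IPMI in particular is normally confined to
# a management network. Confirm both are intended.
allow_mysql_request_out=true
allow_ipmi_request_out=true
allow_remote_console_request_out=true

allow_mumble_request_out=true

# Streaming and video conferencing
allow_outbound_streaming=true
allow_echo360_video_streaming=true
allow_bigbluebutton_video_conference_out=true
allow_ms_skype_teams_out=true
allow_webex_video_conference_out=true
allow_zoom_video_conference_out=true
allow_jitsi_video_conference_out=true
allow_alfaview_video_conference_out=true
allow_nc_talk_out=true

# NOTE(review): outbound SMB to the internet is commonly blocked, because
# clients may send authentication material to whatever host they are
# pointed at. Enable only for known destinations.
allow_samba_requests_out=true

allow_vpn_out=true

# WireGuard
#
allow_wg_out=true

allow_cisco_vpn_out=true

# Gaming
#
# PlayStation (PS), Xbox, FIFA
#
allow_game_xbox_one_out=false
allow_game_xbox_360_out=false
allow_game_ps3_out=false
allow_game_ps4_out=false
allow_game_fifa21_out=false

# ---
# - Services allowed between local networks
# ---

# - These parameters are only considered if traffic
# - between local networks is not permitted, that is,
# - if 'permit_between_local_networks=false' (see below).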
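# -
# - NOTE(review): one assignment per line is required; on a collapsed
# - line everything after the first '#' is a comment and no value is set.
# - The per-service switches directly below only matter while
# - 'permit_between_local_networks' (set further down) is false.
# -
allow_ssh_between_local_nets=true
allow_samba_between_local_nets=false
allow_ldap_between_local_nets=false
allow_printing_between_local_nets=true
allow_scanning_between_local_nets=true


# ---
# - Other Parameters
# ---

# - Permit internet access to all machines on the local network.
# - Does not include this server itself.
# -
# - NOTE(review): presumably 'true' opens all outbound traffic for LAN
# - hosts regardless of the per-service allow_*_out switches - confirm
# - against the consuming script before enabling.
# -
permit_local_net_to_inet=false

# - Do not block any traffic between local machines.
# -
# - Keeping this false preserves segmentation between the local networks;
# - only the allow_*_between_local_nets services above are then let through.
# -
permit_between_local_networks=false

# - Do not block any ICMP traffic.
# -
# - NOTE(review): 'true' admits every ICMP type, including ones that are
# - usually filtered at a gateway (for example redirects and timestamp
# - requests). Whether 'false' still lets the types needed for path MTU
# - discovery and diagnostics through is not visible here - confirm.
# -
permit_all_icmp_traffic=true

# - Access to mail services (LAN and WAN) (pop/imap/smtps) from the local
# - (gateway) machine.
# -
# - May be useful for testing purposes with telnet or openssl.
# -
provide_mailservice_from_local=true

# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks.
# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP,
# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
# -
# - Leave this false outside of measurement windows so that no iPerf
# - rules stay in place permanently.
# -
create_iperf_rules=false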