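#!/usr/bin/env bash


# =============
# --- Basic behavior
# =============
#
# Boolean switches (true/false), one per service class. Nothing is enforced
# in this file itself; presumably the firewall script that sources it turns
# each switch into rules - the ports and hosts covered are defined there.

# ---
# - Services allowed out to the world wide web
# ---
#
# NOTE(review): every 'true' below widens what may leave the network, so each
# one is worth confirming against actual need:
#   - telnet, ftp, tftp: no transport encryption (tftp has no authentication
#     either), so credentials and payloads are readable on the path.
#   - smtp: direct outbound SMTP is normally needed only by the mail relay;
#     confirm in the consuming script which hosts this switch covers.
#   - mysql, ipmi, remote_console: database and out-of-band management access
#     across the internet is usually limited to named destinations or carried
#     inside a VPN.

allow_ssh_request_out=true
allow_http_request_out=true
allow_smtp_request_out=true
allow_mail_request_out=true
allow_ftp_request_out=true
allow_tftp_request_out=true
allow_ntp_request_out=true
allow_timeserver_request_out=true
allow_pgpserver_request_out=true
allow_telnet_request_out=true
allow_whois_request_out=true
allow_cpan_wait_request_out=true
allow_hbci_request_out=true
allow_jabber_request_out=true
allow_silc_request_out=true
allow_irc_request_out=true
allow_mysql_request_out=true
allow_ipmi_request_out=true
allow_remote_console_request_out=true
allow_mumble_request_out=true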
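# Outbound streaming and video conferencing, one switch per platform.
#
# NOTE(review): which ports and destinations each switch opens is decided by
# the consuming script, not here. Switches for platforms that are not in use
# can be set to false to keep the outbound rule set small.
allow_outbound_streaming=true
allow_echo360_video_streaming=true
allow_bigbluebutton_video_conference_out=true
allow_ms_skype_teams_out=true
allow_webex_video_conference_out=true
allow_zoom_video_conference_out=true
allow_jitsi_video_conference_out=true
allow_alfaview_video_conference_out=true
allow_nc_turn_video_conference_out=true
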
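# File sharing and directory services towards the internet.
#
# NOTE(review): outbound SMB to internet hosts exposes Windows authentication
# material to whatever server a client connects to, and LDAP binds are
# cleartext unless LDAPS/StartTLS is used. Blocking both at the perimeter is
# common hardening; confirm these two are needed before leaving them 'true'.
allow_samba_requests_out=true
allow_ldap_requests_out=true

# VPN clients connecting out (the protocol behind this switch is not visible
# in this file - see the consuming script).
allow_vpn_out=true

# WireGuard
#
allow_wg_out=true

# Cisco VPN
#
allow_cisco_vpn_out=true

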
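# Gaming
#
# PlayStation (PS), Xbox, FIFA
#
# All gaming switches are set to false in this configuration.
allow_game_xbox_one_out=false
allow_game_xbox_360_out=false
allow_game_ps3_out=false
allow_game_ps4_out=false
allow_game_fifa21_out=false

# Gaming: Steam
#
allow_game_steam_out=false

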
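# ---
# - Services allowed between local networks
# ---

# - These parameters are only considered if traffic between local networks
# - is not permitted, that is, if 'permit_between_local_networks=false'
# - (see below).
# -
# - With that setting they act as the exceptions to the block between local
# - networks: SSH, printing and scanning are allowed here, Samba and LDAP are
# - not.
# -
allow_ssh_between_local_nets=true
allow_samba_between_local_nets=false
allow_ldap_between_local_nets=false
allow_printing_between_local_nets=true
allow_scanning_between_local_nets=true

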
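# ---
# - Other Parameters
# ---

# - Permit internet access to all machines at local network
# - Does not include this server itself
# -
# - NOTE(review): presumably 'true' lets local machines out regardless of the
# - per-service allow_*_out switches - confirm in the consuming script.
# -
permit_local_net_to_inet=false

# - Do not block any traffic between local machines
# -
# - While this is 'false', the allow_*_between_local_nets switches decide
# - which services may cross between local networks.
# -
permit_between_local_networks=false

# - Do not block any ICMP traffic
# -
# - NOTE(review): 'true' accepts every ICMP type. If the consuming script
# - offers a narrower set when this is 'false' (echo, destination-unreachable,
# - time-exceeded, and the ICMPv6 neighbour-discovery types), that keeps
# - diagnostics and path-MTU discovery working with less exposure - confirm
# - what 'false' still allows before changing it.
# -
permit_all_icmp_traffic=true

# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
# -
# - Maybe useful for testing purpose with telnet or openssl
# -
provide_mailservice_from_local=true

# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks.
# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP,
# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
# -
# - Left at 'false' here; iPerf rules are typically only needed while a
# - measurement is running.
# -
create_iperf_rules=false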