Browse Source

Move config files to conf/ directory to clean up clutter, still leave options in main dir.

master
bbruns 12 years ago
parent
commit
d94d400411
  1. 5
      ChangeLog
  2. 0
      conf/ipv4-blocked.default
  3. 0
      conf/ipv4-marks.default
  4. 0
      conf/ipv4-routing.default
  5. 0
      conf/ipv6-blocked.default
  6. 0
      conf/ipv6-marks.default
  7. 0
      conf/port-forwards.default
  8. 0
      conf/postrun.default
  9. 0
      conf/prerun.default
  10. 7
      include/static
  11. 18
      options.default

5
ChangeLog

@ -1,3 +1,8 @@
0.9.11 - Brielle Bruns <bruns@2mbt.com>
- Move some of the config clutter to conf/ - you can
put your config files anywhere, but by default, they're
now going to be in conf/
0.9.10 - Brielle Bruns <bruns@2mbit.com>
- Move clamp mss up earlier in the rules to possibly
fix an issue I noticed during testing

0
ipv4-blocked.default → conf/ipv4-blocked.default

0
ipv4-marks.default → conf/ipv4-marks.default

0
ipv4-routing.default → conf/ipv4-routing.default

0
ipv6-blocked.default → conf/ipv6-blocked.default

0
ipv6-marks.default → conf/ipv6-marks.default

0
port-forwards.default → conf/port-forwards.default

0
postrun.default → conf/postrun.default

0
prerun.default → conf/prerun.default

7
include/static

@ -25,12 +25,13 @@
# These defines are here to help pre-1.0 users easily upgrade, defines critical defaults
# that would otherwise require remaking their options file. I leave this on by default,
# but if you want to make sure you have a current options file, define this to 0.
if [[ "$COMPAT_CONFIG" == "1" ]]; then
MODPROBE=`which modprobe`
PRERUN="$BASEDIR/prerun"
POSTRUN="$BASEDIR/postrun"
fi
PRERUN="$BASEDIR/prerun"
POSTRUN="$BASEDIR/postrun"
# ANSI color sequences
BLUE="\E[34m"
@ -54,4 +55,4 @@ NF_MULTIPORT="xt_multiport"
NF_MULTIPORT_MAX_PORTS="7"
# RFC 1918 Space
RFC1918_SPACE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
RFC1918_SPACE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"

18
options.default

@ -21,6 +21,10 @@ MODPROBE=/sbin/modprobe
# Extra modules to load such as ftp connection tracking
#MODULES_LOAD="nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_irc nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_proto_sctp nf_conntrack_proto_udplite nf_conntrack_sip nf_conntrack_tftp nf_conntrack_sane"
# Run commands before/after rules
PRERUN="$BASEDIR/conf/prerun"
POSTRUN="$BASEDIR/conf/postrun"
# Do we want NAT/Conntrack/Forward features?
#NAT=1
#CONNTRACK=1
@ -41,7 +45,7 @@ MODPROBE=/sbin/modprobe
#INTINF=ppp+
# Port forwardings, requires NAT
#PORTFW=$BASEDIR/port-forwards
#PORTFW=$BASEDIR/conf/port-forwards
# Multiport support?
# yes/no/auto (auto will try to detect if we support multiport or not,
@ -72,10 +76,10 @@ TRUSTEDIP="127.0.0.1"
DONTTRACK="127.0.0.1"
# IP range(s) to forward
#ROUTING=$BASEDIR/ipv4-routing
#ROUTING=$BASEDIR/conf/ipv4-routing
# Mark ipv4 packets for advanced purposes
#IPv4_MARK=$BASEDIR/ipv4-marks
#IPv4_MARK=$BASEDIR/conf/ipv4-marks
# IP NAT Rules
# SNAT:<INT IF>:<INT IP>:<EXT IF>:<EXT IP>
@ -103,7 +107,7 @@ HACK_IPV4="NS-IN-DDOS"
# IP Ranges to block all traffic incoming/outgoing
# New functionality in 0.9.8 obsoletes BLOCKTCPPORTS and BLOCKUDPPORTS
BLOCKEDIP=$BASEDIR/ipv4-blocked
BLOCKEDIP=$BASEDIR/conf/ipv4-blocked
# Strip ECN off of packets - helps with blackholes
# Either individual IPs or 0.0.0.0/0
@ -145,13 +149,13 @@ BLOCKEDIP=$BASEDIR/ipv4-blocked
#IPV6_ROUTEDCLIENTBLOCK=1
# IP range(s) to forward
#IPV6_ROUTING=$BASEDIR/ipv6-routing
#IPV6_ROUTING=$BASEDIR/conf/ipv6-routing
# Mark ipv6 packets for advanced purposes
#IPV6_MARK=$BASEDIR/ipv6-marks
#IPV6_MARK=$BASEDIR/conf/ipv6-marks
# IPv6 Ranges to block all traffic incoming/outgoing
#IPV6_BLOCKEDIP=$BASEDIR/ipv6-blocked
#IPV6_BLOCKEDIP=$BASEDIR/conf/ipv6-blocked
# Clamp MSS, useful on DSL/VPN links
# Space separated list of interfaces to apply this on

Loading…
Cancel
Save