SRFirewall/etc/ipv4.conf

83 lines
2.8 KiB
Plaintext

# IPv4 Specific Configuration File
#
# Allow everything over loopback (lo/127.0.0.0/8)
# Good idea to keep this turned on, but if you so wish to,
# you can disable it here.
# Values: no | yes (default)
AllowAllv4Loopback="yes"
# Very early on rules to allow for trusted machines to access
# this machine. Rather important and helps keep you from getting
# locked out should the firewalling rules go bad.
#
# IMPORTANT: Hosts put in the trusted file will have complete
# and unfettered access to the host, ignoring all other rules.
#
# Config file: ipv4/trusted.conf
# Values: no | yes (default)
EnableTrustedv4Hosts="yes"
# Enable MSS clamping to work around MTU size issues
# on network links such as PPPoE and wireless
# Config file: ipv4/mss-clamp.conf
# Values: no | yes (default)
Enablev4MSSClamp="yes"
# Enable connection tracking features of netfilter/iptables
# conntracking allows the firewall to be smart about what
# packets it allows and refuses. On highly loaded systems or
# ones with low memory, this may be desirable. Everyone else
# should probably leave this on.
# Depended on by: Enablev4NAT
# Values: no | yes (default)
Enablev4ConnectionTracking="yes"
# Use /etc/resolv.conf as source for DNS servers that we communicate
# with as a client. If you turn this off (recommended if on static IP),
# then you will need to manually define the DNS servers you use.
# Without conntrack rules allowing established/related, DNS traffic may
# be blocked and cause issues.
# Values: no | yes (default)
DNSClientUsev4ResolvConf="yes"
ResolvConfv4File="/etc/resolv.conf"
# Uncomment below if you set above to no. You can still manually define your servers
# here if you want. Useful at times.
# Values: space separated IP list of DNS servers
#DNSClientManualv4Servers=""
# Enable the Services access list
# This allows you to define services on the local
# machine that you want to be accessible to the world.
# Config file: ipv4/services.conf
# Values: no | yes (default)
Enablev4Services="yes"
# Enable the EasyBlock access list
# This is a simple/easy way to block traffic in or out,
# no complex options. Use the Filter options for more
# complex ACLs
# Config file: ipv4/easyblock.conf
# Values: no | yes (default)
Enablev4EasyBlock="yes"
# Enable IPv4 filtering rules
# This allows you to define complex access control list /
# filtering rules.
# Config file: ipv4/acl.conf
# Values: no | yes (default)
Enablev4Filtering="yes"
# Enable IPv4 forwarding rules
# This allows you to define forwarding rules
# Config file: ipv4/forward.conf
# Values: No | yes (default)
Enablev4Forwarding="yes"
# Enable IPv4 NAT/NETMAP rules
# This allows you to set up NAT rules, SNAT, MASQ, and NETMAP
# Config file: ipv4/nat.conf
# Requires: Enablev4ConnectionTracking="yes"
# Values: no | yes (default)
Enablev4NAT="yes"