Line 180: |
Line 180: |
| <noinclude> | | <noinclude> |
| | | |
− | ==Additional information on customizing iptables==
| |
− | Create a custom-named service definition in the configuration database. you can see the [[DB_Variables_Configuration#Additional_information_on_customizing_iptables|DB configuration]]
| |
− |
| |
− | db configuration set <servicename> service
| |
− |
| |
− | Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.
| |
− |
| |
− | db configuration setprop <servicename> TCPPort <portnumber>
| |
− | db configuration setprop <servicename> TCPPorts <portnumbers>
| |
− | db configuration setprop <servicename> UDPPort <portnumber>
| |
− | db configuration setprop <servicename> UDPPorts <portnumbers>
| |
− | db configuration setprop <servicename> status enabled|disabled
| |
− | db configuration setprop <servicename> access public|private
| |
− | db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
| |
− | db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
| |
− |
| |
− | Effectuate the changes you have made
| |
− | signal-event remoteaccess-update
| |
− |
| |
− |
| |
− | {| width="100%" border="1" cellpadding="5" cellspacing="0"
| |
− | |+Affected file: /etc/rc.d/init.d/masq
| |
− | !Variable
| |
− | !Target
| |
− | !Default
| |
− | |-
| |
− | |TCPPort
| |
− | | --proto tcp --dport <Ports>
| |
− | |Pre-configured for default services; no default for custom services
| |
− | |-
| |
− | |TCPPorts
| |
− | | --proto tcp --dports <Ports>
| |
− | |No default for custom services; Ranges of ports are defined with a : not a -
| |
− | |-
| |
− | |UDPPort
| |
− | | --proto udp --dport <Ports>
| |
− | |Pre-configured for default services; no default for custom services
| |
− | |-
| |
− | |UDPPorts
| |
− | | --proto udp --dports <Ports>
| |
− | |No default for custom services; Ranges of ports are defined with a : not a -
| |
− | |-
| |
− | |status
| |
− | |enabled | disabled
| |
− | |AllowHosts is set to "" (an empty string) unless the status is 'enabled'
| |
− | |-
| |
− | |access
| |
− | |public | private
| |
− | |AllowHosts is set to "" (an empty string) unless access is 'public'
| |
− | |-
| |
− | |AllowHosts
| |
− | | --src ..... --jump ACCEPT
| |
− | |Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is ''enabled'' and ''public''.
| |
− | |-
| |
− | |DenyHosts
| |
− | | --src ..... --jump denylog
| |
− | |Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.
| |
− | |}
| |
| | | |
| ---- | | ---- |
| [[Category:Howto]] | | [[Category:Howto]] |
| [[Category:Administration]]</noinclude> | | [[Category:Administration]]</noinclude> |
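Review bot: this hunk drops the only pointer on the page to where the iptables service properties are documented (the `[[DB_Variables_Configuration#Additional_information_on_customizing_iptables|DB configuration]]` link sat inside the deleted paragraph), so after the change nothing in the retained text tells an administrator where the semantics of `status`, `access`, `AllowHosts`/`DenyHosts` and the `TCPPorts`/`UDPPorts` range syntax (`:` rather than `-`) now live. Suggest leaving a one-line pointer in place of the removed section, for example `See [[DB_Variables_Configuration#Additional_information_on_customizing_iptables|DB configuration]] for the service properties consumed by /etc/rc.d/init.d/masq.`, and confirming that the target anchor actually exists before this section is removed, since the behavioural notes in the deleted table are the ones an admin needs to avoid exposing a service unintentionally: `AllowHosts` defaults to `0.0.0.0/0` when a service is `enabled` and `public`, it is reset to an empty string otherwise, no `--jump denylog` rules are generated when `DenyHosts` is empty, and none of these property changes take effect until `signal-event remoteaccess-update` is run.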