Changes

From SME Server
Jump to navigationJump to search

Firewall (view source)

Revision as of 22:30, 3 January 2018

547 bytes added ,  22:30, 3 January 2018
→‎Additional information on customizing iptables: expected values and role for variables
Line 51: Line 51:  
  signal-event remoteaccess-update
 
  signal-event remoteaccess-update
   −
 
+
{| border="1" width="100%" cellspacing="0" cellpadding="5"
{| width="100%" border="1" cellpadding="5" cellspacing="0"
   
|+Affected file: /etc/rc.d/init.d/masq
 
|+Affected file: /etc/rc.d/init.d/masq
 
!Variable
 
!Variable
 
!Target
 
!Target
 
!Default
 
!Default
 +
!Expected values
 
|-
 
|-
 
|TCPPort
 
|TCPPort
 
| --proto tcp --dport <Ports>
 
| --proto tcp --dport <Ports>
 
|Pre-configured for default services; no default for custom services
 
|Pre-configured for default services; no default for custom services
 +
|empty or a numerical or coma separated numbers 
 
|-
 
|-
 
|TCPPorts
 
|TCPPorts
 
| --proto tcp --dports <Ports>
 
| --proto tcp --dports <Ports>
 
|No default for custom services; Ranges of ports are defined with a : not a -
 
|No default for custom services; Ranges of ports are defined with a : not a -
 +
|empty or a numerical or coma separated numbers 
 
|-
 
|-
 
|UDPPort
 
|UDPPort
 
| --proto udp --dport <Ports>
 
| --proto udp --dport <Ports>
 
|Pre-configured for default services; no default for custom services
 
|Pre-configured for default services; no default for custom services
 +
|empty or a numerical or coma separated numbers 
 
|-
 
|-
 
|UDPPorts
 
|UDPPorts
 
| --proto udp --dports <Ports>
 
| --proto udp --dports <Ports>
 
|No default for custom services; Ranges of ports are defined with a : not a -
 
|No default for custom services; Ranges of ports are defined with a : not a -
 +
|empty or a numerical or coma separated numbers 
 
|-
 
|-
 
|status
 
|status
|enabled | disabled
+
| enabled | disabled
 
|AllowHosts is set to "" (an empty string) unless the status is 'enabled'
 
|AllowHosts is set to "" (an empty string) unless the status is 'enabled'
 +
|'enabled' or 'disabled'
 
|-
 
|-
 
|access
 
|access
|public | private
+
| public | private
 
|AllowHosts is set to "" (an empty string) unless access is 'public'
 
|AllowHosts is set to "" (an empty string) unless access is 'public'
 +
|'private' for localhost and local network only (Server and gateway mode), 'public' for everywhere, 'localhost' for localhost only
 
|-
 
|-
 
|AllowHosts
 
|AllowHosts
 
| --src ..... --jump ACCEPT
 
| --src ..... --jump ACCEPT
 
|Pre-configured for default services; no default for custom services.  Default is '0.0.0.0/0' if service is ''enabled'' and ''public''.
 
|Pre-configured for default services; no default for custom services.  Default is '0.0.0.0/0' if service is ''enabled'' and ''public''.
 +
|IP and netmask  with this format 0.0.0.0/0, or coma separated list of these elements
 
|-
 
|-
 
|DenyHosts
 
|DenyHosts
 
| --src ..... --jump denylog
 
| --src ..... --jump denylog
 
|Pre-configured for default services; no default for custom services.  If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.
 
|Pre-configured for default services; no default for custom services.  If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.
 +
|IP and netmask  with this format 0.0.0.0/0, or coma separated list of these elements
 
|}
 
|}
   Line 243: Line 251:  
[[Category:Howto]]
 
[[Category:Howto]]
 
[[Category:Administration]]
 
[[Category:Administration]]
[[Category:Security]]</noinclude>
+
[[Category:Security]]
 +
</noinclude>
Unnilennium
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,258

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/34355"

Navigation menu