Changes

Jump to navigation Jump to search
2,288 bytes removed ,  20:06, 4 September 2013
Line 180: Line 180:  
<noinclude>
 
<noinclude>
   −
==Additional information on customizing iptables==
  −
Create a custom-named service definition in the configuration database. you can see the [[DB_Variables_Configuration#Additional_information_on_customizing_iptables|DB configuration]]
  −
  −
db configuration set <servicename> service
  −
  −
Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.
  −
  −
db configuration setprop <servicename> TCPPort <portnumber>
  −
db configuration setprop <servicename> TCPPorts <portnumbers>
  −
db configuration setprop <servicename> UDPPort <portnumber>
  −
db configuration setprop <servicename> UDPPorts <portnumbers>
  −
db configuration setprop <servicename> status enabled|disabled
  −
db configuration setprop <servicename> access public|private
  −
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
  −
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
  −
  −
Effectuate the changes you have made
  −
signal-event remoteaccess-update
  −
  −
  −
{| width="100%" border="1" cellpadding="5" cellspacing="0"
  −
|+Affected file: /etc/rc.d/init.d/masq
  −
!Variable
  −
!Target
  −
!Default
  −
|-
  −
|TCPPort
  −
| --proto tcp --dport <Ports>
  −
|Pre-configured for default services; no default for custom services
  −
|-
  −
|TCPPorts
  −
| --proto tcp --dports <Ports>
  −
|No default for custom services; Ranges of ports are defined with a : not a -
  −
|-
  −
|UDPPort
  −
| --proto udp --dport <Ports>
  −
|Pre-configured for default services; no default for custom services
  −
|-
  −
|UDPPorts
  −
| --proto udp --dports <Ports>
  −
|No default for custom services; Ranges of ports are defined with a : not a -
  −
|-
  −
|status
  −
|enabled | disabled
  −
|AllowHosts is set to "" (an empty string) unless the status is 'enabled'
  −
|-
  −
|access
  −
|public | private
  −
|AllowHosts is set to "" (an empty string) unless access is 'public'
  −
|-
  −
|AllowHosts
  −
| --src ..... --jump ACCEPT
  −
|Pre-configured for default services; no default for custom services.  Default is '0.0.0.0/0' if service is ''enabled'' and ''public''.
  −
|-
  −
|DenyHosts
  −
| --src ..... --jump denylog
  −
|Pre-configured for default services; no default for custom services.  If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.
  −
|}
      
----
 
----
 
[[Category:Howto]]
 
[[Category:Howto]]
 
[[Category:Administration]]</noinclude>
 
[[Category:Administration]]</noinclude>

Navigation menu