Changes

Jump to navigation Jump to search
2,290 bytes added ,  20:07, 4 September 2013
Line 31: Line 31:  
  signal-event post-upgrade
 
  signal-event post-upgrade
 
  signal-event reboot
 
  signal-event reboot
 +
===Additional information on customizing iptables===
 +
Create a custom-named service definition in the configuration database. you can see the [[DB_Variables_Configuration#Additional_information_on_customizing_iptables|DB configuration]]
 +
 +
db configuration set <servicename> service
 +
 +
Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.
 +
 +
db configuration setprop <servicename> TCPPort <portnumber>
 +
db configuration setprop <servicename> TCPPorts <portnumbers>
 +
db configuration setprop <servicename> UDPPort <portnumber>
 +
db configuration setprop <servicename> UDPPorts <portnumbers>
 +
db configuration setprop <servicename> status enabled|disabled
 +
db configuration setprop <servicename> access public|private
 +
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
 +
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
 +
 +
Effectuate the changes you have made
 +
signal-event remoteaccess-update
 +
 +
 +
{| width="100%" border="1" cellpadding="5" cellspacing="0"
 +
|+Affected file: /etc/rc.d/init.d/masq
 +
!Variable
 +
!Target
 +
!Default
 +
|-
 +
|TCPPort
 +
| --proto tcp --dport <Ports>
 +
|Pre-configured for default services; no default for custom services
 +
|-
 +
|TCPPorts
 +
| --proto tcp --dports <Ports>
 +
|No default for custom services; Ranges of ports are defined with a : not a -
 +
|-
 +
|UDPPort
 +
| --proto udp --dport <Ports>
 +
|Pre-configured for default services; no default for custom services
 +
|-
 +
|UDPPorts
 +
| --proto udp --dports <Ports>
 +
|No default for custom services; Ranges of ports are defined with a : not a -
 +
|-
 +
|status
 +
|enabled | disabled
 +
|AllowHosts is set to "" (an empty string) unless the status is 'enabled'
 +
|-
 +
|access
 +
|public | private
 +
|AllowHosts is set to "" (an empty string) unless access is 'public'
 +
|-
 +
|AllowHosts
 +
| --src ..... --jump ACCEPT
 +
|Pre-configured for default services; no default for custom services.  Default is '0.0.0.0/0' if service is ''enabled'' and ''public''.
 +
|-
 +
|DenyHosts
 +
| --src ..... --jump denylog
 +
|Pre-configured for default services; no default for custom services.  If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.
 +
|}
    
==Custom templates==
 
==Custom templates==

Navigation menu