Changes

Jump to navigation Jump to search
2,462 bytes added ,  20:25, 24 July 2019
Line 47: Line 47:  
  weak-modules  --add-kernel
 
  weak-modules  --add-kernel
 
=== Configuration ===
 
=== Configuration ===
The easiest way should be to go to server manager and use the panel.
+
The easiest way should be to go to server manager and use the panel. There you will be able to :
 +
* configure a global filter list of country. You can either only accept the defined countries or reject the defined countries.
 +
* configure a per service (port), exclusion list. Similarly you can  either only accept the defined countries or reject the defined countries.
 +
* configure whether you want the global filter override the per service rule, or only filter all other ports withotu a specific geoip rule.
    +
The server-manager offers also after the first 24 hours statistics.
 +
 +
==== global masq properties ====
 
you can list the available configuration with the following command :
 
you can list the available configuration with the following command :
 
  config show masq
 
  config show masq
Line 61: Line 67:  
|-
 
|-
 
|BadCountries
 
|BadCountries
|A1
+
|
 
|coma separated strings
 
|coma separated strings
|list of 2 letters countries to block
+
|list of 2 letters countries to block for the global filter. If empty the global filter is deactivated.
 
|-
 
|-
 
|GeoIP
 
|GeoIP
 
|enabled
 
|enabled
 
|enabled,disabled
 
|enabled,disabled
 +
|enable or disable all the geoip filtering services. (ie per service AND global rules)
 +
|-
 +
|XtServices
 +
|imaps,pop3s,sshd,ftp,ssmtpd
 +
|coma separated strings
 +
|list of existing services in configuration db with defined TCPPorts. You can manually override the list to add your own services, but they need to be configured in the configuration db
 +
|-
 +
|XTGeoipRev
 +
|disabled
 +
|enabled,disabled
 +
|if enabled the "BadCountries" list will be reversed match, in other words only countries in this list will be allowed. If the property is empty or missing, its value is defaulted to disabled.
 +
|-
 +
|XTGeoipOther
 +
|disabled
 +
|enabled,disabled
 +
|if enabled the global rule will apply only to services/ports with a specific geoip defined rule. If the property is empty or missing, its value is defaulted to disabled.
 
|}
 
|}
    
NOTE: masq is a the entry fo the SME firewall, there are plenty of other property for this key, please refer to manual. Only properties added by this contrib are referenced here.
 
NOTE: masq is a the entry fo the SME firewall, there are plenty of other property for this key, please refer to manual. Only properties added by this contrib are referenced here.
 +
 +
NOTE2: Only XtServices is not configurable using the Server-Manager
 +
 +
==== per service properties ====
 +
you can list the available configuration with the following command :
 +
config show servicename
 +
 +
For the different services you will also encounter those properties
 +
{| class="wikitable"
 +
!property
 +
!default
 +
!values
 +
!
 +
|-
 +
|BadCountries
 +
|A1
 +
|coma separated strings
 +
|list of 2 letters countries to block for this specific service. If empty the global filter is deactivated.
 +
|-
 +
|XTGeoipRev
 +
|disabled
 +
|enabled,disabled
 +
|if enabled the "BadCountries" list will be reversed match, in other words only countries in this list will be allowed. If the property is empty or missing, its value is defaulted to disabled.
 +
|-
 +
|XTGeoipOther
 +
|disabled
 +
|enabled,disabled
 +
|if enabled the global rule will apply only to services/ports with a specific geoip defined rule. If the property is empty or missing, its value is defaulted to disabled.
 +
|}
 +
 +
NOTE: All services have their own specific properties, please refer to manual. Only properties added by this contrib are referenced here.
    
=== Abbreviated Country Code List ===
 
=== Abbreviated Country Code List ===
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,254

edits

Navigation menu