Line 476: |
Line 476: |
| ''httpd-admin - sshd - smtpd - ssmtpd'' | | ''httpd-admin - sshd - smtpd - ssmtpd'' |
| }} | | }} |
| + | ''Additional information on customizing iptables'' |
| + | db configuration set <servicename> service |
| + | db configuration setprop <servicename> TCPPort <portnumber> |
| + | db configuration setprop <servicename> UDPPort <portnumber> |
| + | db configuration setprop <servicename> status enabled|disabled |
| + | db configuration setprop <servicename> access public|private |
| + | db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24 |
| + | db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24 |
| + | signal-event remoteaccess-update |
| + | |
| + | The first line creates a custom-named service definition in the configuration database. |
| + | The succeeding lines can be used to apply your desired firewall restrictions to any existing SME 'service' |
| + | or to a custom-named service that you have created. |
| + | Combine a custom-named service with port-forwarding to create customized firewall rules. |
| + | {| style="color:brown;background-color:#ffffcc;" border="1" cellpadding="5" cellspacing="0" |
| + | |+Affected file: /etc/rc.d/init.d/masq |
| + | !Variable |
| + | !Target |
| + | !Default |
| + | |- |
| + | |TCPPort |
| + | | --proto tcp --dport <Ports> |
| + | |Pre-configured for default services; no default for custom services |
| + | |- |
| + | |UDPPort |
| + | | --proto udp --dport <Ports> |
| + | |Pre-configured for default services; no default for custom services |
| + | |- |
| + | |status |
| + | |enabled | disabled |
| + | |AllowHosts is set to "" (an empty string) unless the status is 'enabled' |
| + | |- |
| + | |access |
| + | |public | private |
| + | |AllowHosts is set to "" (an empty string) unless access is 'public' |
| + | |- |
| + | |AllowHosts |
| + | | --src ..... --jump ACCEPT |
| + | |Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is ''enabled'' and ''public''. |
| + | |- |
| + | |DenyHosts |
| + | | --src ..... --jump denylog |
| + | |Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq. |
| + | |} |
| | | |
| ==== SpamAssasin ==== | | ==== SpamAssasin ==== |
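Review bot: the table cells `|enabled | disabled` and `|public | private` in the status and access rows contain a bare pipe, which MediaWiki table syntax treats as the separator between cell attributes and cell content, so only "disabled" and "private" would be displayed. Write them as "enabled or disabled" and "public or private", or wrap the pipe in `<nowiki>|</nowiki>`. In the same two rows the Default column describes what happens to AllowHosts instead of giving the default value of status and access, which leaves a reader unsure whether a newly created custom service starts enabled or disabled. The added text also lists AllowHosts and DenyHosts side by side without saying which rule is evaluated first when an address matches both. Since the AllowHosts row states that an enabled, public service defaults to '0.0.0.0/0', it would help to state the evaluation order and to note that AllowHosts should be narrowed before access is set to public.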