Line 476:
Line 476:
''httpd-admin - sshd - smtpd - ssmtpd''
''httpd-admin - sshd - smtpd - ssmtpd''
}}
}}
+
''Additional information on customizing iptables''
+
db configuration set <servicename> service
+
db configuration setprop <servicename> TCPPort <portnumber>
+
db configuration setprop <servicename> UDPPort <portnumber>
+
db configuration setprop <servicename> status enabled|disabled
+
db configuration setprop <servicename> access public|private
+
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
+
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
+
signal-event remoteaccess-update
+
+
The first line creates a custom-named service definition in the configuration database.
+
The succeeding lines can be used to apply your desired firewall restrictions to any existing SME 'service'
+
or to a custom-named service that you have created.
+
Combine a custom-named service with port-forwarding to create customized firewall rules.
+
{| style="color:brown;background-color:#ffffcc;" border="1" cellpadding="5" cellspacing="0"
+
|+Affected file: /etc/rc.d/init.d/masq
+
!Variable
+
!Target
+
!Default
+
|-
+
|TCPPort
+
| --proto tcp --dport <Ports>
+
|Pre-configured for default services; no default for custom services
+
|-
+
|UDPPort
+
| --proto udp --dport <Ports>
+
|Pre-configured for default services; no default for custom services
+
|-
+
|status
+
|enabled | disabled
+
|AllowHosts is set to "" (an empty string) unless the status is 'enabled'
+
|-
+
|access
+
|public | private
+
|AllowHosts is set to "" (an empty string) unless access is 'public'
+
|-
+
|AllowHosts
+
| --src ..... --jump ACCEPT
+
|Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is ''enabled'' and ''public''.
+
|-
+
|DenyHosts
+
| --src ..... --jump denylog
+
|Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.
+
|}
==== SpamAssasin ====
==== SpamAssasin ====
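Review bot: In the table's Target column, the `status` and `access` rows (`|enabled | disabled` and `|public | private`) carry a bare pipe inside the cell. MediaWiki treats the text before a single `|` in a cell as cell attributes, so these rows will most likely render as just "disabled" and "private". Write the separator as `<nowiki>|</nowiki>` or spell it out ("enabled or disabled"). Two documentation points in the same table: the caption names /etc/rc.d/init.d/masq while the DenyHosts row refers to /etc/init.d/masq, so pick one path. The AllowHosts row says a service that is enabled and public defaults to '0.0.0.0/0', but the text never says whether the DenyHosts rules are evaluated before or after the AllowHosts ACCEPT rules. State the order, since a reader who combines both properties cannot otherwise tell whether a DenyHosts entry takes effect for a public service.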