687
edits
Changes
Jump to navigation
Jump to search
Line 476:
Line 476: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→IPTables firewall (masq)
''httpd-admin - sshd - smtpd - ssmtpd''
''httpd-admin - sshd - smtpd - ssmtpd''
}}
}}
''Additional information on customizing iptables''
db configuration set <servicename> service
db configuration setprop <servicename> TCPPort <portnumber>
db configuration setprop <servicename> UDPPort <portnumber>
db configuration setprop <servicename> status enabled|disabled
db configuration setprop <servicename> access public|private
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
signal-event remoteaccess-update
The first line creates a custom-named service definition in the configuration database.
The succeeding lines can be used to apply your desired firewall restrictions to any existing SME 'service'
or to a custom-named service that you have created.
Combine a custom-named service with port-forwarding to create customized firewall rules.
{| style="color:brown;background-color:#ffffcc;" border="1" cellpadding="5" cellspacing="0"
|+Affected file: /etc/rc.d/init.d/masq
!Variable
!Target
!Default
|-
|TCPPort
| --proto tcp --dport <Ports>
|Pre-configured for default services; no default for custom services
|-
|UDPPort
| --proto udp --dport <Ports>
|Pre-configured for default services; no default for custom services
|-
|status
|enabled | disabled
|AllowHosts is set to "" (an empty string) unless the status is 'enabled'
|-
|access
|public | private
|AllowHosts is set to "" (an empty string) unless access is 'public'
|-
|AllowHosts
| --src ..... --jump ACCEPT
|Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is ''enabled'' and ''public''.
|-
|DenyHosts
| --src ..... --jump denylog
|Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.
|}
==== SpamAssasin ====
==== SpamAssasin ====