3 # Which plugin to use for which type of data.
4 SERVICES_BACKEND="textdir"
6 ZONES_BACKEND="textdir"
8 INTERFACES_BACKEND="textdir"
10 RULES_BACKEND="textdir"
12 # Location of the rulesfile (full path).
13 RULESFILE="/etc/vuurmuur/rules.conf"
15 # Location of the blocklistfile (full path).
16 BLOCKLISTFILE="/etc/vuuurmuur/blocked.list"
18 # Location of the iptables-command (full path).
19 IPTABLES="/sbin/iptables"
21 # Location of the iptables-restore-command (full path).
22 IPTABLES_RESTORE="/sbin/iptables-restore"
24 # Location of the conntrack-command (full path).
27 # Location of the tc-command (full path).
30 # Location of the modprobe-command (full path).
31 MODPROBE="/sbin/modprobe"
33 # Load modules if needed? (yes/no)
36 # Wait after loading a module in 1/10th of a second
37 MODULES_WAIT_TIME="10"
39 # If set to yes, each rule will be loaded into the system individually using
40 # iptables. Otherwise iptables-restore will be used (yes/no).
41 OLD_CREATE_METHOD="No"
43 # The directory where the logs will be written to (full path).
44 LOGDIR="/var/log/vuurmuur"
46 # The logfile where the kernel writes the logs to e.g. /var/log/messages (full path).
47 SYSTEMLOG="/var/log/messages"
49 # The loglevel to use when logging traffic. For use with syslog.
52 # Check the dynamic interfaces for changes?
55 # Check every x seconds.
58 # LOG_POLICY controls the logging of the default policy.
61 # LOG_POLICY_LIMIT sets the maximum number of logs per second.
64 # LOG_BLOCKLIST enables/disables logging of items on the blocklist.
67 # LOG_INVALID enables/disables logging of INVALID traffic.
70 # LOG_NO_SYN enables/disables logging of new tcp packets without the SIN flag set.
73 # LOG_PROBES enables/disables logging of probes. Probes are packets that are used in portscans.
76 # LOG_FRAG enables/disables logging of fragmented packets.
79 # LOG_TCP_OPTIONS controls the logging of tcp options. This is.
80 # not used by Vuurmuur itself. PSAD 1.4.x uses it for OS-detection.
83 # SYN_LIMIT sets the maximum number of SYN-packets per second.
89 # UDP_LIMIT sets the maximum number of udp 'connections' per second.
95 # Protect against syn-flooding? (yes/no)
96 PROTECT_SYNCOOKIE="Yes"
97 # Ignore echo-broadcasts? (yes/no)
98 PROTECT_ECHOBROADCAST="Yes"