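# Vuurmuur configuration: backends, file locations, helper commands, logging
# and kernel protection switches.
# NOTE(review): several settings below appear as a description only; their
# assignment lines are not part of this listing and no value is assumed here.

# Which plugin to use for which type of data.
SERVICES_BACKEND="textdir"
ZONES_BACKEND="textdir"
INTERFACES_BACKEND="textdir"
RULES_BACKEND="textdir"

# Location of the rulesfile (full path).
RULESFILE="/etc/vuurmuur/rules.conf"

# Location of the blocklistfile (full path).
# Directory spelling corrected from "/etc/vuuurmuur" so that it matches the
# directory used by RULESFILE. A blocklist path that does not exist may leave
# the blocklist unread; verify against the installed layout.
BLOCKLISTFILE="/etc/vuurmuur/blocked.list"

# The helper commands below are given as full paths. They are presumably run
# with the firewall's privileges, so the binaries and this file should be
# writable by the administrator only.

# Location of the iptables-command (full path).
IPTABLES="/sbin/iptables"

# Location of the iptables-restore-command (full path).
IPTABLES_RESTORE="/sbin/iptables-restore"

# Location of the conntrack-command (full path).
CONNTRACK="/usr/sbin/conntrack"

# Location of the tc-command (full path).

# Location of the modprobe-command (full path).
MODPROBE="/sbin/modprobe"

# Maximum permissions for config and log files and directories.

# Load modules if needed? (yes/no)

# Wait after loading a module in 1/10th of a second
# (10 tenths = 1 second).
MODULES_WAIT_TIME="10"

# If set to yes, each rule will be loaded into the system individually using
# iptables. Otherwise iptables-restore will be used (yes/no).
# iptables-restore commits each table in one step, whereas loading rule by
# rule passes through intermediate rulesets while it runs.
OLD_CREATE_METHOD="No"

# The directory where the logs will be written to (full path).
LOGDIR="/var/log/vuurmuur"

# The logfile where the kernel writes the logs to e.g. /var/log/messages (full path).
SYSTEMLOG="/var/log/messages"

# The loglevel to use when logging traffic. For use with syslog.

# Check the dynamic interfaces for changes?

# Check every x seconds.

# LOG_POLICY controls the logging of the default policy.

# LOG_POLICY_LIMIT sets the maximum number of logs per second.
# Packets beyond the limit are not logged, so a missing log entry does not
# show that no packet hit the default policy.

# LOG_BLOCKLIST enables/disables logging of items on the blocklist.

# LOG_INVALID enables/disables logging of INVALID traffic.

# LOG_NO_SYN enables/disables logging of new tcp packets without the SYN flag set.

# LOG_PROBES enables/disables logging of probes. Probes are packets that are used in portscans.

# LOG_FRAG enables/disables logging of fragmented packets.

# LOG_TCP_OPTIONS controls the logging of tcp options. This is
# not used by Vuurmuur itself. PSAD 1.4.x uses it for OS-detection.

# SYN_LIMIT sets the maximum number of SYN-packets per second.

# UDP_LIMIT sets the maximum number of udp 'connections' per second.

# Protect against syn-flooding? (yes/no)
# NOTE(review): presumably switches on the kernel's SYN cookies -- confirm.
PROTECT_SYNCOOKIE="Yes"

# Ignore echo-broadcasts? (yes/no)
PROTECT_ECHOBROADCAST="Yes"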