From 8428f82f45554fea7a86c22ad41316e88efbd033 Mon Sep 17 00:00:00 2001 
From: root
Date: Thu, 16 Apr 2009 11:26:59 +0200
Subject: [PATCH] vuurmuur: Add default configuration.
---
 etc/default/vuurmuur | 10 +++
 etc/vuurmuur/config.conf | 100 +++++++++++++++++++++++++++++
 etc/vuurmuur/interfaces/.keep | 0
 etc/vuurmuur/plugins/textdir.conf | 1 +
 etc/vuurmuur/rules/.keep | 0
 etc/vuurmuur/services/.keep | 0
 etc/vuurmuur/services/cvs | 9 +++
 etc/vuurmuur/services/dns | 11 ++++
 etc/vuurmuur/services/ftp | 12 ++++
 etc/vuurmuur/services/http | 11 ++++
 etc/vuurmuur/services/https | 11 ++++
 etc/vuurmuur/services/ident | 7 ++
 etc/vuurmuur/services/imap | 11 ++++
 etc/vuurmuur/services/imaps | 3 +
 etc/vuurmuur/services/irc | 8 +++
 etc/vuurmuur/services/jabber | 7 ++
 etc/vuurmuur/services/ldap | 4 ++
 etc/vuurmuur/services/lisa | 11 ++++
 etc/vuurmuur/services/msn | 11 ++++
 etc/vuurmuur/services/mysql | 3 +
 etc/vuurmuur/services/news | 7 ++
 etc/vuurmuur/services/ntp | 5 ++
 etc/vuurmuur/services/pcanywhere | 7 ++
 etc/vuurmuur/services/ping | 11 ++++
 etc/vuurmuur/services/pop3 | 11 ++++
 etc/vuurmuur/services/pop3s | 7 ++
 etc/vuurmuur/services/pptp | 6 ++
 etc/vuurmuur/services/razor | 8 +++
 etc/vuurmuur/services/rdp | 7 ++
 etc/vuurmuur/services/rsync | 3 +
 etc/vuurmuur/services/samba | 15 +++++
 etc/vuurmuur/services/smtp | 11 ++++
 etc/vuurmuur/services/socks | 17 +++++
 etc/vuurmuur/services/squid-proxy | 8 +++
 etc/vuurmuur/services/ssh | 14 ++++
 etc/vuurmuur/services/syslog | 9 +++
 etc/vuurmuur/services/telnet | 11 ++++
 etc/vuurmuur/services/traceroute | 17 +++++
 etc/vuurmuur/services/upnp | 7 ++
 etc/vuurmuur/services/usermin | 9 +++
 etc/vuurmuur/services/vnc | 7 ++
 etc/vuurmuur/services/webmin | 9 +++
 etc/vuurmuur/services/whois | 7 ++
 etc/vuurmuur/services/windowsmedia | 3 +
 etc/vuurmuur/vuurmuur_conf.conf | 23 +++++++
 etc/vuurmuur/zones/.keep | 0
 46 files changed, 469 insertions(+)
 create mode 100644 etc/default/vuurmuur
 create mode 100644 etc/vuurmuur/config.conf
 create mode 100644 etc/vuurmuur/interfaces/.keep
 create mode 100644 etc/vuurmuur/plugins/textdir.conf
 create mode 100644 etc/vuurmuur/rules/.keep
 create mode 100644 etc/vuurmuur/services/.keep
 create mode 100644 etc/vuurmuur/services/cvs
 create mode 100644 etc/vuurmuur/services/dns
 create mode 100644 etc/vuurmuur/services/ftp
 create mode 100644 etc/vuurmuur/services/http
 create mode 100644 etc/vuurmuur/services/https
 create mode 100644 etc/vuurmuur/services/ident
 create mode 100644 etc/vuurmuur/services/imap
 create mode 100644 etc/vuurmuur/services/imaps
 create mode 100644 etc/vuurmuur/services/irc
 create mode 100644 etc/vuurmuur/services/jabber
 create mode 100644 etc/vuurmuur/services/ldap
 create mode 100644 etc/vuurmuur/services/lisa
 create mode 100644 etc/vuurmuur/services/msn
 create mode 100644 etc/vuurmuur/services/mysql
 create mode 100644 etc/vuurmuur/services/news
 create mode 100644 etc/vuurmuur/services/ntp
 create mode 100644 etc/vuurmuur/services/pcanywhere
 create mode 100644 etc/vuurmuur/services/ping
 create mode 100644 etc/vuurmuur/services/pop3
 create mode 100644 etc/vuurmuur/services/pop3s
 create mode 100644 etc/vuurmuur/services/pptp
 create mode 100644 etc/vuurmuur/services/razor
 create mode 100644 etc/vuurmuur/services/rdp
 create mode 100644 etc/vuurmuur/services/rsync
 create mode 100644 etc/vuurmuur/services/samba
 create mode 100644 etc/vuurmuur/services/smtp
 create mode 100644 etc/vuurmuur/services/socks
 create mode 100644 etc/vuurmuur/services/squid-proxy
 create mode 100644 etc/vuurmuur/services/ssh
 create mode 100644 etc/vuurmuur/services/syslog
 create mode 100644 etc/vuurmuur/services/telnet
 create mode 100644 etc/vuurmuur/services/traceroute
 create mode 100644 etc/vuurmuur/services/upnp
 create mode 100644 etc/vuurmuur/services/usermin
 create mode 100644 etc/vuurmuur/services/vnc
 create mode 100644 etc/vuurmuur/services/webmin
 create mode 100644 etc/vuurmuur/services/whois
 create mode 100644 etc/vuurmuur/services/windowsmedia
 create mode 100644 etc/vuurmuur/vuurmuur_conf.conf
 create mode 100644 etc/vuurmuur/zones/.keep
diff --git a/etc/default/vuurmuur b/etc/default/vuurmuur
new file mode 100644
index 0000000..087631e
--- /dev/null
+++ b/etc/default/vuurmuur
@@ -0,0 +1,10 @@
+#
+# Vuurmuur - firewall configuration daemon
+#
+
+# automatically start vuurmuur. Disabled by default to prevent you from
+# beeing locked out of your box. Please first configure vuurmuur (using
+# vuurmuur_conf). When you are done, set this value to 1, and try starting
+# vuurmuur again.
+#
+VUURMUUR_START=0
diff --git a/etc/vuurmuur/config.conf b/etc/vuurmuur/config.conf
new file mode 100644
index 0000000..afdd2e2
--- /dev/null
+++ b/etc/vuurmuur/config.conf
@@ -0,0 +1,100 @@
+# vuurmuur config file
+
+# Which plugin to use for which type of data.
+SERVICES_BACKEND="textdir"
+
+ZONES_BACKEND="textdir"
+
+INTERFACES_BACKEND="textdir"
+
+RULES_BACKEND="textdir"
+
+# Location of the rulesfile (full path).
+RULESFILE="/etc/vuurmuur/rules.conf"
+
+# Location of the blocklistfile (full path).
+BLOCKLISTFILE="/etc/vuuurmuur/blocked.list"
+
+# Location of the iptables-command (full path).
+IPTABLES="/sbin/iptables"
+
+# Location of the iptables-restore-command (full path).
+IPTABLES_RESTORE="/sbin/iptables-restore"
+
+# Location of the conntrack-command (full path).
+CONNTRACK=""
+
+# Location of the tc-command (full path).
+TC=""
+
+# Location of the modprobe-command (full path).
+MODPROBE="/sbin/modprobe"
+
+# Load modules if needed? (yes/no)
+LOAD_MODULES="Yes"
+
+# Wait after loading a module in 1/10th of a second
+MODULES_WAIT_TIME="10"
+
+# If set to yes, each rule will be loaded into the system individually using
+# iptables. Otherwise iptables-restore will be used (yes/no).
+OLD_CREATE_METHOD="No"
+
+# The directory where the logs will be written to (full path).
+LOGDIR="/var/log/vuurmuur"
+
+# The logfile where the kernel writes the logs to e.g. /var/log/messages (full path).
+SYSTEMLOG="/var/log/messages"
+
+# The loglevel to use when logging traffic. For use with syslog.
+LOGLEVEL="info"
+
+# Check the dynamic interfaces for changes?
+DYN_INT_CHECK="No"
+
+# Check every x seconds.
+DYN_INT_INTERVAL="30"
+
+# LOG_POLICY controls the logging of the default policy.
+LOG_POLICY="Yes"
+
+# LOG_POLICY_LIMIT sets the maximum number of logs per second.
+LOG_POLICY_LIMIT="20"
+
+# LOG_BLOCKLIST enables/disables logging of items on the blocklist.
+LOG_BLOCKLIST="Yes"
+
+# LOG_INVALID enables/disables logging of INVALID traffic.
+LOG_INVALID="Yes"
+
+# LOG_NO_SYN enables/disables logging of new tcp packets without the SIN flag set.
+LOG_NO_SYN="Yes"
+
+# LOG_PROBES enables/disables logging of probes. Probes are packets that are used in portscans.
+LOG_PROBES="Yes"
+
+# LOG_FRAG enables/disables logging of fragmented packets.
+LOG_FRAG="Yes"
+
+# LOG_TCP_OPTIONS controls the logging of tcp options. This is.
+# not used by Vuurmuur itself. PSAD 1.4.x uses it for OS-detection.
+LOG_TCP_OPTIONS="No"
+
+# SYN_LIMIT sets the maximum number of SYN-packets per second.
+USE_SYN_LIMIT="Yes"
+
+SYN_LIMIT="15"
+SYN_LIMIT_BURST="30"
+
+# UDP_LIMIT sets the maximum number of udp 'connections' per second.
+USE_UDP_LIMIT="Yes"
+
+UDP_LIMIT="10"
+UDP_LIMIT_BURST="60"
+
+# Protect against syn-flooding? (yes/no)
+PROTECT_SYNCOOKIE="Yes"
+# Ignore echo-broadcasts? (yes/no)
+PROTECT_ECHOBROADCAST="Yes"
+
+# end of file
diff --git a/etc/vuurmuur/interfaces/.keep b/etc/vuurmuur/interfaces/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/etc/vuurmuur/plugins/textdir.conf b/etc/vuurmuur/plugins/textdir.conf
new file mode 100644
index 0000000..8795d6a
--- /dev/null
+++ b/etc/vuurmuur/plugins/textdir.conf
@@ -0,0 +1 @@
+LOCATION=/etc/vuurmuur/
diff --git a/etc/vuurmuur/rules/.keep b/etc/vuurmuur/rules/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/etc/vuurmuur/services/.keep b/etc/vuurmuur/services/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/etc/vuurmuur/services/cvs b/etc/vuurmuur/services/cvs
new file mode 100644
index 0000000..2cf57e0
--- /dev/null
+++ b/etc/vuurmuur/services/cvs
@@ -0,0 +1,9 @@
+ACTIVE="Yes"
+TCP="2401*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="CVS "
+AH=""
+ESP=""
diff --git a/etc/vuurmuur/services/dns b/etc/vuurmuur/services/dns
new file mode 100644
index 0000000..bd45688
--- /dev/null
+++ b/etc/vuurmuur/services/dns
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="53*1024:65535"
+UDP="53*1024:65535"
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Domain Name System. "
+
+# end of file
diff --git a/etc/vuurmuur/services/ftp b/etc/vuurmuur/services/ftp
new file mode 100644
index 0000000..1819e7d
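Review bot: In etc/vuurmuur/config.conf, `BLOCKLISTFILE="/etc/vuuurmuur/blocked.list"` spells the directory with three u's, while `RULESFILE` in the same file and `LOCATION` in plugins/textdir.conf both use `/etc/vuurmuur/`. How Vuurmuur reacts to a blocklist path in a directory that does not exist is not visible in this patch, so the blocklist may silently end up unenforced or fail to save; the line should read `BLOCKLISTFILE="/etc/vuurmuur/blocked.list"`. The comment above `LOG_NO_SYN` says "SIN flag" where SYN is meant. The file is also created with mode 100644 like everything else here; since it describes firewall policy and logging, the install step should probably make it root-owned and not world-readable, to be confirmed against what the daemon expects.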
--- /dev/null
+++ b/etc/vuurmuur/services/ftp
@@ -0,0 +1,12 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="21*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="File Transfer Protocol"
+HELPER="ftp"
+
+# end of file
diff --git a/etc/vuurmuur/services/http b/etc/vuurmuur/services/http
new file mode 100644
index 0000000..abe3c4c
--- /dev/null
+++ b/etc/vuurmuur/services/http
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="80:81*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="HTTP: used for normal webbrowsing."
+
+# end of file
diff --git a/etc/vuurmuur/services/https b/etc/vuurmuur/services/https
new file mode 100644
index 0000000..bc9bf6b
--- /dev/null
+++ b/etc/vuurmuur/services/https
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="443*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="HTTPS for SSL-encrypted webbrowsing. "
+
+# end of file
diff --git a/etc/vuurmuur/services/ident b/etc/vuurmuur/services/ident
new file mode 100644
index 0000000..0288302
--- /dev/null
+++ b/etc/vuurmuur/services/ident
@@ -0,0 +1,7 @@
+ACTIVE="Yes"
+TCP="113*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Ident/auth/port 113 "
diff --git a/etc/vuurmuur/services/imap b/etc/vuurmuur/services/imap
new file mode 100644
index 0000000..9660d84
--- /dev/null
+++ b/etc/vuurmuur/services/imap
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="143*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Imap for managing imap on a remote server."
+
+# end of file
diff --git a/etc/vuurmuur/services/imaps b/etc/vuurmuur/services/imaps
new file mode 100644
index 0000000..c1010f7
--- /dev/null
+++ b/etc/vuurmuur/services/imaps
@@ -0,0 +1,3 @@
+ACTIVE="yes"
+TCP="993*1024:65535"
+BROADCAST="no"
diff --git a/etc/vuurmuur/services/irc b/etc/vuurmuur/services/irc
new file mode 100644
index 0000000..ac6bfa7
--- /dev/null
+++ b/etc/vuurmuur/services/irc
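Review bot: In etc/vuurmuur/services/http, `TCP="80:81*1024:65535"` covers port 81 as well as 80, although the `COMMENT` describes ordinary web browsing only. The colon reads as a port range (the jabber definition uses `5222:5223` and names both ports in its comment), so any rule that accepts the "http" service would also admit traffic to whatever listens on 81. Unless port 81 is wanted, narrow it to `TCP="80*1024:65535"`, or mention port 81 in the `COMMENT` so the wider scope is visible when the service is picked for a rule.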
@@ -0,0 +1,8 @@
+ACTIVE="Yes"
+TCP="6667*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Internet Relay Chat "
+HELPER="irc"
diff --git a/etc/vuurmuur/services/jabber b/etc/vuurmuur/services/jabber
new file mode 100644
index 0000000..bec5a22
--- /dev/null
+++ b/etc/vuurmuur/services/jabber
@@ -0,0 +1,7 @@
+ACTIVE="Yes"
+TCP="5222:5223*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Jabber (5222) and Jabbel-SSL (5223). Instand message program/protocol."
diff --git a/etc/vuurmuur/services/ldap b/etc/vuurmuur/services/ldap
new file mode 100644
index 0000000..4d50997
--- /dev/null
+++ b/etc/vuurmuur/services/ldap
@@ -0,0 +1,4 @@
+ACTIVE="yes"
+TCP="389*1024:65535"
+BROADCAST="no"
+COMMENT="Lightweight Directory Access Protocol."
diff --git a/etc/vuurmuur/services/lisa b/etc/vuurmuur/services/lisa
new file mode 100644
index 0000000..3194c52
--- /dev/null
+++ b/etc/vuurmuur/services/lisa
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="7741*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Lisa, Kde network daemon. "
+
+# end of file
diff --git a/etc/vuurmuur/services/msn b/etc/vuurmuur/services/msn
new file mode 100644
index 0000000..806c753
--- /dev/null
+++ b/etc/vuurmuur/services/msn
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="1863*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="MSN: instand message program."
+
+# end of file
diff --git a/etc/vuurmuur/services/mysql b/etc/vuurmuur/services/mysql
new file mode 100644
index 0000000..c7ecd3e
--- /dev/null
+++ b/etc/vuurmuur/services/mysql
@@ -0,0 +1,3 @@
+ACTIVE="yes"
+TCP="3306*1024:65535"
+BROADCAST="no"
diff --git a/etc/vuurmuur/services/news b/etc/vuurmuur/services/news
new file mode 100644
index 0000000..53c274f
--- /dev/null
+++ b/etc/vuurmuur/services/news
@@ -0,0 +1,7 @@
+ACTIVE="Yes"
+TCP="119*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="News, or NNTP. For accessing newsgroups."
diff --git a/etc/vuurmuur/services/ntp b/etc/vuurmuur/services/ntp
new file mode 100644
index 0000000..911e0c3
--- /dev/null
+++ b/etc/vuurmuur/services/ntp
@@ -0,0 +1,5 @@
+ACTIVE="yes"
+UDP="123*1024:65535"
+UDP="123*123"
+BROADCAST="no"
+COMMENT="Network Time Protocol."
diff --git a/etc/vuurmuur/services/pcanywhere b/etc/vuurmuur/services/pcanywhere
new file mode 100644
index 0000000..4da7491
--- /dev/null
+++ b/etc/vuurmuur/services/pcanywhere
@@ -0,0 +1,7 @@
+ACTIVE="Yes"
+TCP="5631*1024:65535"
+UDP="5631:5632*1024:65535"
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="PcAnywhere, for remote control of the desktop of Windows(tm) pc's."
diff --git a/etc/vuurmuur/services/ping b/etc/vuurmuur/services/ping
new file mode 100644
index 0000000..3ca59c9
--- /dev/null
+++ b/etc/vuurmuur/services/ping
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP=""
+UDP=""
+ICMP="8:0*0:0"
+GRE=""
+BROADCAST="No"
+COMMENT=""
+
+# end of file
diff --git a/etc/vuurmuur/services/pop3 b/etc/vuurmuur/services/pop3
new file mode 100644
index 0000000..142d3b0
--- /dev/null
+++ b/etc/vuurmuur/services/pop3
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="110*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT=""
+
+# end of file
diff --git a/etc/vuurmuur/services/pop3s b/etc/vuurmuur/services/pop3s
new file mode 100644
index 0000000..a0b80ae
--- /dev/null
+++ b/etc/vuurmuur/services/pop3s
@@ -0,0 +1,7 @@
+ACTIVE="Yes"
+TCP="995*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Secure pop3 "
diff --git a/etc/vuurmuur/services/pptp b/etc/vuurmuur/services/pptp
new file mode 100644
index 0000000..01985a9
--- /dev/null
+++ b/etc/vuurmuur/services/pptp
@@ -0,0 +1,6 @@
+ACTIVE="yes"
+TCP="1723*1024:65535"
+BROADCAST="no"
+UDP=""
+GRE=""
+ICMP=""
diff --git a/etc/vuurmuur/services/razor b/etc/vuurmuur/services/razor
new file mode 100644
index 0000000..cfcfe88
--- /dev/null
+++ b/etc/vuurmuur/services/razor
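Review bot: In etc/vuurmuur/services/pptp only the control channel `TCP="1723*1024:65535"` is defined; `GRE=""` is left empty and there is no `HELPER` or `COMMENT`. PPTP carries its tunnel over GRE (IP protocol 47), so a rule built on this service would presumably admit the control connection but not the tunnel traffic, unless connection tracking relates the two. No file in this patch shows a non-empty `GRE` value, so the correct syntax has to be checked against the Vuurmuur service format. At minimum, add a `COMMENT` saying whether the definition is meant to cover the control channel only.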
@@ -0,0 +1,8 @@
+ACTIVE="Yes"
+TCP="2703*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Protocol for the razor spam blacklist. "
+HELPER=""
diff --git a/etc/vuurmuur/services/rdp b/etc/vuurmuur/services/rdp
new file mode 100644
index 0000000..29ced0c
--- /dev/null
+++ b/etc/vuurmuur/services/rdp
@@ -0,0 +1,7 @@
+ACTIVE="Yes"
+TCP="3389*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="RDP: Windows Remote Desktop. "
diff --git a/etc/vuurmuur/services/rsync b/etc/vuurmuur/services/rsync
new file mode 100644
index 0000000..36a190d
--- /dev/null
+++ b/etc/vuurmuur/services/rsync
@@ -0,0 +1,3 @@
+ACTIVE="yes"
+TCP="873*1024:65535"
+BROADCAST="no"
diff --git a/etc/vuurmuur/services/samba b/etc/vuurmuur/services/samba
new file mode 100644
index 0000000..3c111bc
--- /dev/null
+++ b/etc/vuurmuur/services/samba
@@ -0,0 +1,15 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="139*1024:65535"
+TCP="445*1024:65535"
+UDP="137*137"
+UDP="138*138"
+UDP="137*1024:65535"
+UDP="1024:65535*137"
+ICMP=""
+GRE=""
+BROADCAST="Yes"
+COMMENT="Samba, the Windows Network. "
+
+# end of file
diff --git a/etc/vuurmuur/services/smtp b/etc/vuurmuur/services/smtp
new file mode 100644
index 0000000..aeced43
--- /dev/null
+++ b/etc/vuurmuur/services/smtp
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="25*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT=""
+
+# end of file
diff --git a/etc/vuurmuur/services/socks b/etc/vuurmuur/services/socks
new file mode 100644
index 0000000..1573d3e
--- /dev/null
+++ b/etc/vuurmuur/services/socks
@@ -0,0 +1,17 @@
+# begin of file
+
+ACTIVE="Yes"
+
+PROTO="tcp"
+
+TCP="1080*1024:65535"
+
+UDP=""
+
+ICMP=""
+
+GRE=""
+
+BROADCAST="No"
+
+# end of file
diff --git a/etc/vuurmuur/services/squid-proxy b/etc/vuurmuur/services/squid-proxy
new file mode 100644
index 0000000..e4dcfe0
--- /dev/null
+++ b/etc/vuurmuur/services/squid-proxy
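Review bot: etc/vuurmuur/services/socks carries a `PROTO="tcp"` key that no other service definition in this patch has, apart from etc/vuurmuur/services/traceroute with `PROTO="udp"`. Every other file expresses the protocol through the `TCP`/`UDP`/`ICMP`/`GRE` keys alone, so `PROTO` looks like a leftover from an older file format; whether the parser ignores or rejects unknown keys is not visible here. Drop the key from both files, or document it, so that a default shipped with the package does not depend on lenient parsing. Neither file has a `COMMENT` line, which most of the other definitions carry.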
@@ -0,0 +1,8 @@
+ACTIVE="No"
+TCP="3128*1024:65535"
+TCP="8080*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="A service for the Squid-proxy... "
diff --git a/etc/vuurmuur/services/ssh b/etc/vuurmuur/services/ssh
new file mode 100644
index 0000000..6b05288
--- /dev/null
+++ b/etc/vuurmuur/services/ssh
@@ -0,0 +1,14 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="22*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="SSH. "
+
+# end of file
+PROTO_41=""
+AH=""
+ESP=""
diff --git a/etc/vuurmuur/services/syslog b/etc/vuurmuur/services/syslog
new file mode 100644
index 0000000..4500975
--- /dev/null
+++ b/etc/vuurmuur/services/syslog
@@ -0,0 +1,9 @@
+ACTIVE="Yes"
+TCP=""
+UDP="514*1024:65535"
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT=""
+AH=""
+ESP=""
diff --git a/etc/vuurmuur/services/telnet b/etc/vuurmuur/services/telnet
new file mode 100644
index 0000000..aa22856
--- /dev/null
+++ b/etc/vuurmuur/services/telnet
@@ -0,0 +1,11 @@
+# begin of file
+
+ACTIVE="Yes"
+TCP="23*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Protocol for remote management. Depreciated on insecure networks. Use SSH instead."
+
+# end of file
diff --git a/etc/vuurmuur/services/traceroute b/etc/vuurmuur/services/traceroute
new file mode 100644
index 0000000..f67a122
--- /dev/null
+++ b/etc/vuurmuur/services/traceroute
@@ -0,0 +1,17 @@
+# begin of file
+
+ACTIVE="Yes"
+
+PROTO="udp"
+
+TCP=""
+
+UDP="33434:33523*1024:65535"
+
+ICMP=""
+
+GRE=""
+
+BROADCAST="No"
+
+# end of file
diff --git a/etc/vuurmuur/services/upnp b/etc/vuurmuur/services/upnp
new file mode 100644
index 0000000..b7f72ef
--- /dev/null
+++ b/etc/vuurmuur/services/upnp
@@ -0,0 +1,7 @@
+ACTIVE="Yes"
+TCP=""
+UDP="1900*1024:65535"
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Universal Plug and Pray... not recommended to enable to pass your firewall. "
diff --git a/etc/vuurmuur/services/usermin b/etc/vuurmuur/services/usermin
new file mode 100644
index 0000000..5721ef4
--- /dev/null
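Review bot: etc/vuurmuur/services/telnet and etc/vuurmuur/services/upnp both ship `ACTIVE="Yes"` although their own `COMMENT` lines advise against them (telnet points to SSH, upnp says passing it through the firewall is not recommended), while squid-proxy in this patch ships `ACTIVE="No"`. If `ACTIVE` only makes a definition selectable when writing rules, this opens nothing on its own, since the rules directory added here is empty, but the defaults contradict the comments. Setting `ACTIVE="No"` in both files would make an administrator enable these services deliberately. If they must stay active, say in the `COMMENT` what `ACTIVE` means for a service definition.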
+++ b/etc/vuurmuur/services/usermin
@@ -0,0 +1,9 @@
+ACTIVE="Yes"
+TCP="20000*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT=""
+AH=""
+ESP=""
diff --git a/etc/vuurmuur/services/vnc b/etc/vuurmuur/services/vnc
new file mode 100644
index 0000000..c5fbd11
--- /dev/null
+++ b/etc/vuurmuur/services/vnc
@@ -0,0 +1,7 @@
+ACTIVE="Yes"
+TCP="5900*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT="Vnc: Linux remote desktop-like tool."
diff --git a/etc/vuurmuur/services/webmin b/etc/vuurmuur/services/webmin
new file mode 100644
index 0000000..5379817
--- /dev/null
+++ b/etc/vuurmuur/services/webmin
@@ -0,0 +1,9 @@
+ACTIVE="Yes"
+TCP="10000*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT=""
+AH=""
+ESP=""
diff --git a/etc/vuurmuur/services/whois b/etc/vuurmuur/services/whois
new file mode 100644
index 0000000..a464310
--- /dev/null
+++ b/etc/vuurmuur/services/whois
@@ -0,0 +1,7 @@
+ACTIVE="Yes"
+TCP="43*1024:65535"
+UDP=""
+ICMP=""
+GRE=""
+BROADCAST="No"
+COMMENT=""
diff --git a/etc/vuurmuur/services/windowsmedia b/etc/vuurmuur/services/windowsmedia
new file mode 100644
index 0000000..8001c38
--- /dev/null
+++ b/etc/vuurmuur/services/windowsmedia
@@ -0,0 +1,3 @@
+ACTIVE="yes"
+TCP="1755*1024:65535"
+BROADCAST="no"
diff --git a/etc/vuurmuur/vuurmuur_conf.conf b/etc/vuurmuur/vuurmuur_conf.conf
new file mode 100644
index 0000000..efc136d
--- /dev/null
+++ b/etc/vuurmuur/vuurmuur_conf.conf
@@ -0,0 +1,23 @@
+# vuurmuur_conf config file
+
+# Some parts of the Gui have advanced options that can be enabled by.
+# pressing F5. If you set this to yes, they will be enabled by default.
+ADVANCED_MODE="No"
+
+# The main menu can show status information about various parts of.
+# Vuurmuur.
+MAINMENU_STATUS="Yes"
+
+# NEWRULE_LOG enables logging for new rules.
+NEWRULE_LOG="Yes"
+
+# NEWRULE_LOGLIMIT sets the maximum number of logs per second for new rules.
+NEWRULE_LOGLIMIT="20"
+
+# LOGVIEW_BUFSIZE sets the buffersize (in loglines) of the logviewer for scrolling back.
+LOGVIEW_BUFSIZE="500"
+
+# The location of the iptrafvol.pl command.
+IPTRAFVOL="/usr/bin/iptrafvol.pl"
+
+# end of file
diff --git a/etc/vuurmuur/zones/.keep b/etc/vuurmuur/zones/.keep
new file mode 100644
index 0000000..e69de29
--
2.30.2