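###############################################################################
# FIAIF global configuration file.
# Version $Id: fiaif.conf,v 1.37 2003/05/24 22:50:51 afu Exp $
#
# This file is plain shell syntax (VAR=value, #-comments, bash arrays for the
# hook scripts) and is sourced by the fiaif start scripts, which normally run
# as root. Anything written here is executed in that context: keep this file
# and everything it points at root-owned and not group/world writable.
###############################################################################

## Reserved (illegal) and private networks
## See: https://www.iana.org
## Both values are file names relative to CONF_DIR (see below).
RESERVED_NETWORKS=reserved_networks
PRIVATE_NETWORKS=private_networks
LOOPBACK_NET="127.0.0.1/255.0.0.0"
SERVICES="/etc/services"

###############################################################################
# Search path for binaries
###############################################################################
## Absolute, root-owned directories only. Never add "." or a user-writable
## directory here: the firewall resolves iptables & co. through this path.
BIN_PATH=/sbin:/usr/sbin:/usr/local/sbin

###############################################################################
# User configurable parameters
###############################################################################

## Activate fiaif?
## Set this VARIABLE to 0 or delete the line to enable FIAIF.
## NOTE: while this is 1 the firewall is NOT loaded at all; a host left with
## this default has no FIAIF rule set in place.
DONT_START=1

## Configuration directory. All configuration files are read from this
## directory. Zone files, alias/TOS files and the network lists are looked
## up here, so the directory and its contents should be writable by root only.
CONF_DIR=/etc/fiaif/

## Zone names. Only these zones are used.
## You must have a CONF_ entry for each below.
ZONES="EXT"

## Zone configuration files.
## The files are expected to be found in CONF_DIR
## Use: CONF_XXX=
CONF_INT=zone.int
CONF_EXT=zone.ext
CONF_DMZ=zone.dmz

## Use iptables-save and iptables-restore to speed up
## startup scripts. The documented recommendation is to leave this at 0;
## this file deliberately sets it to 1 - confirm that is intended before
## deploying, since restoring a saved rule set bypasses the normal rule build.
## Use: SAVE_STATE=0|1
SAVE_STATE=1

## Change values in /proc/sys/net/*
## When issuing a 'fiaif test' a list of errors and warnings are displayed.
## SET_PROC_ERRORS specifies that FIAIF should correct the errors, and
## SET_PROC_WARNINGS specifies that FIAIF should correct the warnings.
## SET_PROC_ERRORS=<0|1>
## SET_PROC_WARNINGS=<0|1>
SET_PROC_ERRORS=1
SET_PROC_WARNINGS=0

## Enable TC for any zone.
## Overrides ENABLE_TC in zone configurations.
## Use: ENABLE_TC=<0|1>
ENABLE_TC=0

## File to which commands are written when making a test.
## The firewall writes this file as root. It must NOT live in a shared,
## world-writable directory such as /tmp: a fixed file name there lets any
## local user pre-create a symlink and have root overwrite an arbitrary file
## (the original default was /tmp/fiaif.out). Keep it in a root-only
## directory instead.
## TEST_FILE=
TEST_FILE="/root/fiaif.out"

## Set to one if you do not want to close up the firewall.
## With DEBUG=1 the rule set is built but the firewall is left open;
## never leave this enabled on a production host.
## DEBUG=<0|1>
DEBUG=0

## Set to one, to enable logging via ulogd.
## You need to have ulogd installed to enable this functionality.
## Note: does not work correctly with kernel 2.4.18.
## Use: ENABLE_ULOG=<0|1>
## NOTE(review): earlier revisions documented this as ENABLE_ULOGD; the
## variable actually set here is ENABLE_ULOG - check which name the fiaif
## scripts read before relying on it.
ENABLE_ULOG=0

## Set to one if dropped or rejected packets should be logged.
## VERBOSE=<0|1>
VERBOSE=1

## Prefix to prepend to log messages
## Use: LOG_PREFIX="FIAIF_"
## This will cause log messages to have [FIAIF_DROP] or [FIAIF_MARTIAN] (etc)
## as their marker
LOG_PREFIX="FIAIF_"

## Limit the number of log messages when packets are dropped.
## Lower to avoid spamming the logs (a flood of dropped packets must not be
## able to fill the disk or drown other log entries).
## Use: LOG_LEVEL=
## Use: LOG_LIMIT=
## Use: LOG_BURST=
## LEVEL : defines the level (or priority) of the logged
##         messages - See syslog.conf(5) for more
##         If ulog is enabled, the value must be in the range
##         1..32
## LIMIT : Maximum average matching rate: specified as a number,
##         with an optional '/second', '/minute', '/hour', or '/day'
##         suffix.
## BURST : Maximum initial number of packets to match: this
##         number is incremented by one every time the limit
##         specified above is not reached, up to this number.
LOG_LEVEL=CRIT
LOG_LIMIT=10/minute
LOG_BURST=10

## Load modules upon starting the firewall. The modules will be
## unloaded when the firewall is stopped.
## Load only what this host actually needs: ip_nat_ftp is the FTP NAT
## helper, which is only required if FTP sessions are NATed through this
## host (connection-tracking helpers widen what the firewall accepts).
## MODULES=[module_name]*
MODULES="ip_nat_ftp"

## The following lines allow user specified commands to
## be executed before and after FIAIF is started/stopped.
## This can be used to e.g. insert additional rules for traffic counters,
## and then save/restore these.
## These commands run with the privileges of whoever starts the firewall
## (normally root): use absolute paths and make sure the scripts are
## root-owned and not group/world writable.
## Use:
## __SCRIPT[N]=
#PRE_START_SCRIPT[0]=""
#PRE_START_SCRIPT[1]=""
#POST_START_SCRIPT[0]=""
#POST_START_SCRIPT[1]=""
#PRE_STOP_SCRIPT[0]=""
#PRE_STOP_SCRIPT[1]=""
#POST_STOP_SCRIPT[0]=""
#POST_STOP_SCRIPT[1]=""

## Specify location of "Type Of Services" file.
## This can either be empty or a file (relative to CONF_DIR).
TOS_FILE=type_of_services

## Specify aliases file.
## In this file, aliases for IP numbers can be specified.
ALIASES=aliases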