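# Firewall configuration variables (shell assignments, one per line).
# Each assignment must sit on its own line: when several share a line, everything
# after the first "#" is a comment and the later variables are never set.
# NOTE(review): the rules that consume these values are not in this section;
# remarks marked "confirm" should be checked against the rule-generation code.

# Full path to iptables goes here.
IPTABLES="/sbin/iptables"

# Set to "TRUE" if you have a dynamic (DHCP) internet IP.
INET_DYN_IP="TRUE"

# Interface connected to LAN.
LAN_IFACE="eth1"

# Put your LAN network address here (network/netmask).
LAN_NETWORK="192.168.1.0/255.255.255.0"

# Interface connected to Internet.
INET_IFACE="eth0"

# Incoming ports to allow, separate each port by spaces.
# Empty means no incoming port is listed. Every port added here exposes a
# service to incoming traffic, so list only what is actually needed.
# Presumably this applies to traffic arriving on INET_IFACE - confirm.
TCP_ALLOW=""
UDP_ALLOW=""

# Cause requests made to the auth port (113) to be rejected.
# An explicit reject lets remote servers that query ident fail fast instead of
# waiting for a timeout on a silently dropped packet.
REJECT_AUTH="TRUE"

# Set to either DROP or REJECT depending on how you want to respond to
# undesired packets. DROP discards silently; REJECT sends an error reply to the
# sender. Both block the packet.
DENY="DROP"

# IPs you want to explicitly deny from accessing any service on your network.
DENY_IPS=""

# Transparent proxy support, proxy must run on the firewall.
# Set to "TRUE" if the firewall will also be a transparent proxy.
TRANS_PROX="FALSE"

# MUST be set to the port the proxy server listens on if TRANS_PROX is TRUE.
TRANS_PROX_PORT="3128"

# Option to turn OFF IP masquerading, most likely only of use if you only allow
# web traffic through the transparent proxy.
# Set to TRUE to enable ipmasq, you most likely want this.
# Anything else is interpreted as FALSE.
IP_MASQ="TRUE"

# Provide debugging information if set to TRUE, anything else is interpreted
# as FALSE.
FW_DEBUG="FALSE"

# ICMP settings.
# Permits passage of ICMP packets.
ALLOW_ICMP="TRUE"

# Limits what ICMP packets the firewall will allow; ALLOW_ICMP must also be
# "TRUE". Which ICMP types remain allowed is decided by the rules that read
# this value - confirm there.
LIMIT_ICMP="TRUE"

# Set to TRUE if you want any logging.
# With logging off, denied packets leave no record to review later.
FWLOG="TRUE"

# Applies to SYSLOG logging only. If TRUE, limits logged packets to 1/sec with
# a burst of 3. Use to prevent a possible DoS from trying to log so many
# packets; the trade-off is that a flood is only sampled in the log.
LIMIT_LOG="TRUE"

# Leave set to SYSLOG unless you are brave. The other type, QUEUE, sends packets
# to the QUEUE target for processing by another app such as pdumpq.
# With QUEUE, make sure that application is running before relying on it: the
# kernel drops queued packets when no userspace program is reading the queue.
LOG_TYPE="SYSLOG"

# Entries in the LOG_IGNORE_* settings are left out of the log. They reduce
# noise but also reduce what can be seen afterwards, so keep the lists short.
# Presumably they affect logging only, not whether the packet is denied - confirm.

# Use space separated list of IPs or netblocks in the form
# xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy
LOG_IGNORE_IP=""

# Use space separated list of port numbers or leave blank.
LOG_IGNORE_TCP=""

# Use space separated list of port numbers or leave blank.
LOG_IGNORE_UDP=""

# Set to TRUE or leave blank.
LOG_IGNORE_ICMP="FALSE"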