Template: arno-iptables-firewall/title
Type: title
_description: arno-iptables-firewall configuration

Template: arno-iptables-firewall/config-ext-if
Type: string
_description: External network interfaces:
 The external network interfaces connect this machine
 to untrusted networks (e.g. the Internet). The firewall will only permit
 connections attempts with explicitly allowed source/destination-port
 combinations on these interfaces. You have to specify all external
 interfaces (e.g. eth0 and/or ppp0).
 .
 For a ppp-interface that doesn't exist yet you can use the wildcard device
 called "ppp+", but you can only use ppp+ if there aren't any other ppp
 interfaces!
 .
 If no interfaces are specified here, no firewall setup will
 be performed.
 .
 Multiple interfaces should be specified space separated.

Template: arno-iptables-firewall/dynamic-ip
Type: boolean
_description: Is DHCP used on external interfaces?
 This machine might use DHCP to dynamically obtain its IP address from
 your Internet service provider (ISP). This will be almost always the case
 if you have a non-permanent (e.g. dialup) connection.
 .
 If DHCP is not explicitly enabled, the firewall will block all DHCP-related
 network traffic.
 .
 Leave this enabled, if you are unsure.
Default: true

Template: arno-iptables-firewall/services-tcp
Type: string
_description: Open external TCP-ports:
 The default firewall policy is to deny all incoming traffic on the
 external interfaces. If this machine provides services to the outside
 world (e.g. the Internet) they have to be explicitly enabled.
 .
 Please specify the TCP-ports numbers associated with the services that
 shall be accessible from the outside world. Some frequently used ports are: 80
 (http), 443 (https) or 22 (ssh).
 .
 In addition to single port numbers you may also specify port ranges (e.g.
 10000:11000). Multiple entries should be entered space separated.
 .
 If unsure, leave this empty.

Template: arno-iptables-firewall/services-udp
Type: string
_description: Open external UDP-ports:
 The default firewall policy is to deny all incoming traffic on the
 external interfaces. If this machine provides services for the outside
 world (e.g. the Internet) they have to be explicitly enabled.
 .
 Please specify the UDP-ports numbers associated with the services that
 shall be accessible from the outside world.
 .
 In addition to single port numbers you may also specify port ranges (e.g.
 10000:11000). Multiple entries should be entered space separated.
 .
 If unsure, leave this empty.

Template: arno-iptables-firewall/restart
Type: boolean
_description: Should the firewall be (re)started now?
 For security reasons the new firewall setup is not applied
 automatically. You might want to perform a manual inspection of the
 firewall configuration in /etc/arno-iptables-firewall/firewall.conf, especially
 when upgrading to a new version, as configuration variables might have changed.
 .
 In order to later manually apply the new
 firewall settings before the next reboot, invoke 'invoke-rc.d
 arno-iptables-firewall start'.
 .
 If you do not need manual inspection, the firewall-setup can be applied now.
Default: true

Template: arno-iptables-firewall/nat
Type: boolean
_description: Do you want to enable NAT?
 If the connected internal networks should be able to access the outside
 world (e.g. the Internet) through the firewall, masquerading (NAT) has
 to be enabled.
 .
 When in doubt, you can safely leave this disabled.
Default: false

Template: arno-iptables-firewall/config-int-if
Type: string
_description: Internal network interfaces:
 The internal network interfaces connect this machine
 to trusted networks (e.g. the office or home LAN). The firewall will permit
 all connection attempts on these interfaces. If you specify such interfaces,
 you will be able to permit the internal networks to access the Internet through
 this host. If there are no such interfaces, leave this empty.
 .
 Multiple interfaces should be entered space separated.

Template: arno-iptables-firewall/config-int-net
Type: string
_description: Internal subnets:
 You have to specify which subnets are connected to the internal network
 interfaces. Hosts in the internal networks can connect to all the services on
 this machine.
 .
 Give subnets in CIDR notation (e.g. 192.168.1.0/24). If you have
 multiple internal networks, they should be space separated.

Template: arno-iptables-firewall/config-int-nat-net
Type: string
_description: Internal networks with access to external networks:
 If you want to restrict the access to the external networks, you can specify
 the allowed internal subnets in CIDR notation (e.g. 192.168.1.0/24). It is
 also possible to specify single hosts by their IP addresses. If you have
 multiple internal networks and/or hosts, they should be given space separated.
 .
 If you leave this empty, the value is automatically set to equal the internal
 network. Therefore the WHOLE internal network will have access to the external
 networks, so be careful to only specify networks that should have access to
 the outside world.
 .
 If you are unsure, leave this empty.

Template: arno-iptables-firewall/icmp-echo
Type: boolean
_description: Should the machine be pingable from the outside world?
 For increased security the firewall can be setup to ignore ICMP echo
 requests (pings). While this is generally a good idea (the host seems to
 be down at a first glance), this is sometimes not useful (e.g. failure
 diagnostics).
 .
 If you are not sure, leave this disabled.
Default: false

Template: arno-iptables-firewall/debconf-wanted
Type: boolean
_description: Do you want to manage the firewall setup with debconf?
 A basic firewall setup that is suitable for most purposes can be created by
 answering a few questions. This should be the preferred option for all who are
 not familiar with firewall-related topics.
 .
 If you do not want that, the firewall will not work before you have edited
 the configuration manually.
Default: true