File: rc

uruk 20051129-1
# this file maintained using arch at http://arch.gna.org/uruk/
# Sample Uruk rc file

# Copyright (C) 2003 Stichting LogReport Foundation logreport@logreport.org
# Copyright (C) 2003, 2004 Tilburg University http://www.uvt.nl/
# Copyright (C) 2003, 2004, 2005 Joost van Baal
#
# This file is part of Uruk.  Uruk is free software; you can redistribute
# it and/or modify it under the terms of the GNU GPL, see the file named
# COPYING.

# Uruk version compatibility of this rc file
version=20051026

# Log denied packets which are targeted at one of our IPs.  Do not log
# blocked broadcasts.
# NOTE(review): the meaning of each numeric loglevel is defined by Uruk and
# is not visible in this file; confirm against the Uruk documentation before
# changing it.
loglevel=30

# List of network interfaces.  lo should not be in this list.  For every
# interface <if> listed here, ip_<if> and net_<if> should be defined;
# bcast_<if> is needed only for interfaces that also appear in
# interfaces_nocast (see below).
interfaces="eth0 eth1"

# For each interface <if> in interfaces, ip_<if> and net_<if> should be
# defined
ip_eth0=10.56.0.201
# If you have enabled IPv6 support, supply IPv6 addresses like this:
# ip6_eth0=2006:488:1a9b:0:4a54:e8ff:fe2b:f25c
ip_eth1=192.168.0.4

# To which network does this interface belong?  Should be one of
# 0.0.0.0/0 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16.  Used to decide whether a
# packet for this interface is spoofed, and therefore should get dropped.
# NOTE(review): 0.0.0.0/0 covers every IPv4 address, so the choice for eth0
# presumably leaves source addresses on that interface unconstrained by this
# check, while eth1 is tied to 192.168.0.0/16 -- confirm the exact rule Uruk
# generates from net_<if>.
net_eth0=0.0.0.0/0
net_eth1=192.168.0.0/16

# Subset of interfaces, which should drop broadcast and multicast packets
interfaces_nocast="eth0"

# For each interface <if> in interfaces_nocast, bcast_<if> should be defined.
# (10.56.255.255 is the broadcast address of 10.56.0.0/16.)
bcast_eth0=10.56.255.255


# You can define any shell variable, and reference it later on.  These two
# are helpers used in the sources_* lists further down: the local /16 and
# "any IPv4 address".
localnet="10.56.0.0/16"
all=0.0.0.0/0

# For each interface, and for both tcp and udp, symbolic names of (sets of)
# services could be defined, in variables services_<if>_{tcp,udp}.
services_eth0_tcp="mail local public"

# For every service set name <s>, every interface <if>, and tcp and/or udp, a
# list of allowed source addresses should be defined in a variable
# sources_<if>_{tcp,udp}_<s> .  Furthermore a list of ports should be defined
# in a variable ports_<if>_{tcp,udp}_<s> .

# A valid source is 192.168.6.26, another valid source is 192.168.6.0/24.
# One can add DNS domain names like gandalf.example.com too: iptables will
# perform a DNS lookup.
# Caveat: iptables resolves a hostname when the rule is loaded and stores the
# resulting addresses, so such a rule depends on DNS being reachable and
# trustworthy at that moment and does not follow later DNS changes.  Literal
# addresses avoid that dependency.
sources_eth0_tcp_mail="10.0.0.0/24 10.56.38.0/24 192.168.6.26"
sources_eth0_tcp_local="$localnet gandalf.example.com"
# $all is 0.0.0.0/0, so the "public" service set accepts any IPv4 source.
sources_eth0_tcp_public=$all
# If you have enabled IPv6 support, supply IPv6 addresses like this
# (the all-zero address with prefix length 0, i.e. any IPv6 source):
# sources6_eth0_tcp_public="0000:0000:0000:0000:0000:0000:0000:0000/0"


# Symbolic port names are fine.
# NOTE(review): names are presumably resolved through the local services
# database (e.g. /etc/services) when the rules are loaded; numeric ports
# avoid depending on it -- confirm.
ports_eth0_tcp_mail=smtp
# ssh and ftp are offered only to the sources in sources_eth0_tcp_local.
# FTP is a cleartext protocol; keep its source list narrow.
ports_eth0_tcp_local="ssh ftp"
ports_eth0_tcp_public="www"


# UDP service sets for eth0, following the same services_/sources_/ports_
# naming scheme as the tcp variables.
services_eth0_udp="syslog local"

# The /32 mask restricts syslog to the single host 10.56.0.10.
sources_eth0_udp_syslog="10.56.0.10/32"
# $localnet is 10.56.0.0/16.
sources_eth0_udp_local=$localnet

ports_eth0_udp_syslog="syslog"
# Port ranges are allowed too, written as low:high
ports_eth0_udp_local="ntp 605:608 853:876"