tuxfrw.conf

1. ##############################################################################
2. # Variables definition
3. ##############################################################################
4. # Change data below according to your network
5.  
6. IPTABLES="`type -p iptables`"
7. LO_IFACE="lo"
8. LO_NET="127.0.0.0/255.0.0.0"
9.  
10. # Note: if you don't have one of the interfaces, leave it blank.
11. # Example: EXT_IFACE=""
12.  
13. # Example:
14. # EXT_IFACE="eth0"
15. # EXT_IP="200.xxx.10.1"
16. # EXT_NET="200.xxx.10.0/24"
17. # EXT_BRO="200.xxx.10.255"
18.  
19. # For connections with dynamic IP, fill out only the interface.
20. # Example:
21. # EXT_IFACE="ppp0"
22.  
23. #VELOX:
24. EXT_IFACE="ppp0"
25. EXT_IP=""
26. EXT_NET=""
27. EXT_BRO=""
28.  
29. # INTRANET:
30. INT_IFACE="eth1"
31. INT_IP="192.168.1.1"
32. INT_NET="192.168.1.0/24"
33. INT_BRO="192.168.1.255"
34.  
35. # DMZ: FASTNET 07/02/2011
36. DMZ_IFACE="eth0"
37. DMZ_IP="186.227.72.65"
38. DMZ_NET="186.227.72.32/29"
39. DMZ_BRO="186.227.72.39"
40.  
41.  
42. # OpenVPN VPN
43. # Example:
44. # OpenVPN_IFACE="tun+"
45. # OpenVPN_IP="0/0"
46. OpenVPN_IFACE=""
47. OpenVPN_IP=""
48. OpenVPN_PORT=""
49. OpenVPN_PROTO=""
50.  
51. # IP address used for DMZ.
52.  
53. # SERVERS:
54. IP_DNS1="192.168.0.2"
55. IP_DNS2="192.168.0.3"
56. IP_WWW1="192.168.0.4"
57. IP_SMTP="192.168.0.5"
58.  
59. # IP address used for NAT.
60. # To enable or disable NAT, change the variable below to:
61. # '0' disabled.
62. # '1' POSTROUTING only.
63. # '2' POSTROUTING and PREROUTING.
64. # '3' PREROUTING only.
65.  
66. # NAT:
67. NAT="2"
68.  
69. IP_DNS1_NAT="192.0.2.2"
70. IP_DNS2_NAT="192.0.2.3"
71. IP_WWW1_NAT="192.0.2.4"
72. IP_SMTP_NAT="192.0.2.5"
73.  
74. # Remote IP used for remote admin
75. # INPUT rule uses RMT_ADMIN_IP on file 'tf_INPUT.mod'
76. # Network administrator IP
77. # The same rules aply to this variable as explained above (RMT_ADMIN_IP)
78.  
79. # ADMINS:
80. RMT_ADMIN_IP=""
81. ADMIN_IP="192.168.1.60"
82.  
83. # BROADCAST
84. BRO_ADDR="255.255.255.255"
85.  
86. # IANA RESERVED NETs
87. # ftp://ftp.rfc-editor.org/in-notes/rfc3330.txt
88. RESERVED_NET="0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 10.0.0.0/8 \
89. 23.0.0.0/8 27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 \
90. 42.0.0.0/8 77.0.0.0/8 78.0.0.0/7 92.0.0.0/6 96.0.0.0/4 \
91. 112.0.0.0/5 120.0.0.0/6 127.0.0.0/8 169.254.0.0/16 \
92. 172.16.0.0/12 173.0.0.0/8 174.0.0.0/7 176.0.0.0/5 \
93. 197.0.0.0/8 \
94. 223.0.0.0/8 240.0.0.0/4"
95.  
96. # Snort_Inline Support
97. # TARGET="ACCEPT" - disable snort_inline support
98. # TARGET="QUEUE" - enable snort_inline support
99. TARGET="ACCEPT"
100.  
101. # QoS Configuration
102. # USE_QoS options: path of htb.init or cbq.init
103. # USE_QoS="/usr/sbin/htb.init"
104. USE_QoS=""
105.  
106. # PROXY_PORT="" - proxy disabled
107. # PROXY_PORT="3128" - proxy enabled at 3128 port
108. PROXY_PORT=""
109.  
110. # Transparent Proxy:
111. # 0 - disable
112. # 1 - enable
113. PROXY_T="0"
114.  
115. # Are you using modular kernel?
116. # 0 - no
117. # 1 - yes
118. KERN_MOD="1"
119.  
120. # TuxFrw permits integration with PigMeat/PigMeet. If you want TuxFrw blocking
121. # the IPs blocked by PigMeat/PigMeet, use the variable below.
122. # Examples:
123. # PIGMEAT="/var/log/pigmeat/hosts.blocked"
124. # PIGMEAT="/usr/local/pigserverd/run/blocked"
125. PIGMEAT=""