hostapd: Enable WMM by default.
[people/ms/network.git] / functions.constants-firewall
index decd708443b6187f5a0336a32efc0ce5e8f06c98..f1eaf505b5531c10b0c80a9dcc275ffe3597457a 100644 (file)
@@ -25,8 +25,7 @@ IPTABLES_TMPDIR=
 
 FIREWALL_CONFIG_DIR="/etc/firewall"
 FIREWALL_ZONES_DIR="${FIREWALL_CONFIG_DIR}/zones"
-FIREWALL4_CONFIG_FILE="${FIREWALL_CONFIG_DIR}/config4"
-FIREWALL6_CONFIG_FILE="${FIREWALL_CONFIG_DIR}/config6"
+FIREWALL_CONFIG_FILE="${FIREWALL_CONFIG_DIR}/config"
 FIREWALL_CONFIG_RULES="${FIREWALL_CONFIG_DIR}/rules"
 
 FIREWALL_MACROS_DIRS="${FIREWALL_CONFIG_DIR}/macros"
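Review bot: Replacing `FIREWALL4_CONFIG_FILE` and `FIREWALL6_CONFIG_FILE` with a single `FIREWALL_CONFIG_FILE` leaves open what happens to settings an administrator already saved in `config4` or `config6`: nothing in this diff reads or migrates those files, so on an upgraded system the firewall would presumably fall back to the built-in defaults without any warning. The code that reads these constants is outside this diff, so confirm that none of it still expands the removed names (an unset variable expands to an empty path in shell), and consider a one-time migration or a logged warning when the old files exist. A short comment above the new line, such as `# Single settings file shared by IPv4 and IPv6 (replaces config4/config6)`, would record the intent.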
@@ -50,8 +49,61 @@ FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_NFLOG_THRESHOLD"
 FIREWALL_CLAMP_PATH_MTU="false"
 FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_CLAMP_PATH_MTU"
 
-FIREWALL4_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS}"
-FIREWALL6_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS}"
+# Conntrack: Max. amount of simultaneous connections.
+CONNTRACK_MAX_CONNECTIONS="16384"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} CONNTRACK_MAX_CONNECTIONS"
+
+# Conntrack: UDP timeout
+CONNTRACK_UDP_TIMEOUT="60"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} CONNTRACK_UDP_TIMEOUT"
+
+# Use SYN cookies or not
+FIREWALL_SYN_COOKIES="true"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_SYN_COOKIES"
+
+# rp_filter
+FIREWALL_RP_FILTER="true"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_RP_FILTER"
+
+# Log martians
+FIREWALL_LOG_MARTIANS="false"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_MARTIANS"
+
+# Accept ICMP redirects
+FIREWALL_ACCEPT_ICMP_REDIRECTS="false"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_ACCEPT_ICMP_REDIRECTS"
+
+# ECN (Explicit Congestion Notification)
+FIREWALL_USE_ECN="false"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_USE_ECN"
+
+# Path MTU discovery
+FIREWALL_PMTU_DISCOVERY="true"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_PMTU_DISCOVERY"
+
+# Default TTL
+FIREWALL_DEFAULT_TTL="64"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_DEFAULT_TTL"
+
+# Log stealth scans
+FIREWALL_LOG_STEALTH_SCANS="true"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_STEALTH_SCANS"
+
+# Log packets with bad TCP flags
+FIREWALL_LOG_BAD_TCP_FLAGS="true"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_BAD_TCP_FLAGS"
+
+# Log INVALID TCP packets
+FIREWALL_LOG_INVALID_TCP="true"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_INVALID_TCP"
+
+# Log INVALID UDP packets
+FIREWALL_LOG_INVALID_UDP="true"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_INVALID_UDP"
+
+# Log INVALID ICMP packets
+FIREWALL_LOG_INVALID_ICMP="true"
+FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_INVALID_ICMP"
 
 FIREWALL_SUPPORTED_PROTOCOLS="tcp udp icmp igmp esp ah gre"
 FIREWALL_PROTOCOLS_SUPPORTING_PORTS="tcp udp"
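Review bot: The comments on the new defaults repeat the variable names but do not say what the values mean, which matters for security-relevant settings: `# rp_filter` does not state whether "true" selects strict or loose reverse-path filtering (the kernel setting has both modes and a boolean cannot express the choice), and `CONNTRACK_UDP_TIMEOUT="60"` carries no unit. I would write `# Reverse-path filtering (anti-spoofing); "true" = enabled, TODO confirm strict vs. loose` and `# Conntrack: UDP timeout (presumably seconds, confirm)`. `FIREWALL_LOG_MARTIANS="false"` also stands out next to five logging switches that default to "true"; if the quiet default is deliberate, the comment should say why, since martian logging is what records packets with impossible source addresses. Nothing visible here validates that values loaded from the config file are booleans or integers before they are applied, so that check needs to exist wherever `FIREWALL_CONFIG_PARAMS` is consumed.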