mirror/ULib
1
0
Fork 0
mirror of https://github.com/stefanocasazza/ULib.git synced 2025-09-28 19:05:55 +08:00
Code Issues Releases Wiki Activity
0928b6835a
ULib/tests/examples/nocat/etc/nodog_fw.conf
stefanocasazza 3c3c591bb9 clean history
2015-01-23 17:24:36 +01:00

49 lines
2.7 KiB
Plaintext
Raw Blame History

# --------------------------------
# configuration for setup firewall
# --------------------------------
# Required only if you DO NOT want your gateway to act as a NAT. Give this only if you are running a strictly routed
# network, and do not need the gateway to enable NAT for you
RouteOnly=1
# If you choose not to run DNS on your internal network, specify the address(es) of one or more domain name server
# on the Internet that wireless clients can use to get out. Should be the same DNS that your DHCP server hands out
DNSAddr=192.168.210.254
# Specify TCP ports to allow access to when public class users login. All others will be denied
#IncludePorts="22 80 443"
# Specify TCP ports to denied access to when public class users login. All others will be allowed. Note that you should
# use either IncludePorts or ExcludePorts, but not both. If neither is specified, access is granted to all ports to public
# class users. You should *always* exclude port 25, unless you want to run an portal for wanton spam sending. Users should
# have their own way of sending mail. It sucks, but that is the way it is.
# Comment this out *only if* you are using IncludePorts instead
#ExcludePorts="23 25 111"
# List any domains that you would like to allow web access (TCP port 80 and 443) BEFORE logging in (this is the
# pre-skip stage, so be careful about what you allow
AllowedWebHosts=159.213.0.0/16
# the interface connected to the Internet. Usually eth0 or eth1 under Linux, or maybe even ppp0 if you are running PPP or PPPoE
ExternalDevice=eth0
# Required if and only if your machine has more than two network interfaces. Must be set to the interface connected to your local
# network, normally your wireless card
InternalDevice="eth0 eth0"
# Must be set to the network address and net mask of your internal network. You can use the number of bits in the netmask
# (e.g. /16, /24, etc.) or the full x.x.x.x specification
LocalNetwork="10.30.1.0/24 10.1.0.1/16"
# URL to the login service at the authservice. Must be set to the address of your authentication service
# You must use an IP address if DNS resolution is not available at gateway startup
AuthServiceAddr="http://www.auth-firenze.com/login http://10.30.1.131"
#AuthServiceAddr="http://www.auth-firenze.com/login http://10.30.1.131"
# The TCP port to bind the gateway service to. 5280 is de-facto standard for NoCatAuth. Change this only if you absolutely need to
GatewayPort=5280
# Give this if you want to disable public access (i.e. unauthenticated 'skip' button access). You'll also want to
# point AuthServiceAddr somewhere that doesn't include a skip button (likeat your own Auth server)
MembersOnly=1
# --------------------------------
Reference in New Issue View Git Blame Copy Permalink