-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdefaults.conf
194 lines (158 loc) · 7.02 KB
/
defaults.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
#!/usr/bin/env bash
#-------------------------------------------------------------------------------
# IP-Array DEFAULTS
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# OUTPUT
#-------------------------------------------------------------------------------
# Disable / Enable coloured output | Format: 0/1
#ENABLE_COLORS=1
# Disable / Enable syslog logging | Format: 0/1
#ENABLE_SYSLOG=1
# Facility to use with syslog
# Valid values are:
# auth, authpriv (for security information of a sensitive nature),
# cron, daemon, ftp, kern, lpr, mail, news, security (deprecated synonym for auth),
# syslog, user, uucp, and local0 to local7 inclusive
#LOG_FACILITY="local0"
# Verbosity of output to stdout. Range: [0-9]
# + With a non zero environment variable `DEBUG_INFO' additional debugging information is printed
# 0 = No messages are shown. Exit status indicates success or failure.
# 1 = Shows start and end message and errors.
# 2 = Main title and warning messages are also shown.
# 3 = Sub title messages are shown in addition.
# 4 = Info title, config and rule file loading messages, are shown additionally.
# 5 = Also show notice messages.
# 6 = Verbose output.
# 7 = Also show IP-Array internals.
# 8 = Debug mode (set -x).
# 9 = More verbose debug mode (set -vx).
#VERBOSE=6
# Syslog verbosity. Range: [0-6]
# 0 = Errror messages are shown.
# 1 = Main title and warning messages are shown.
# 2 = Subtitle messages are shown in addition.
# 3 = Info title, config and rule file loading messages, are shown additionally.
# 4 = Also show notice messages.
# 5 = Verbose output.
# 6 = Also show IP-Array internals.
#SYSLOG_VERBOSE=0
# Message colours
# Valid colour values are:
# black, blue, cyan, green, magenta, red, white, yellow
COLOR_MSG_MAIN_TITLE="magenta" # main title
COLOR_MSG_SUBTITLE="blue" # sub title
COLOR_MSG_INFO_TITLE="cyan" # info title
COLOR_MSG_ERROR="red" # error message
COLOR_MSG_WARNING="yellow" # warning message
COLOR_MSG_NOTICE="white" # notice message
COLOR_MSG_CONFIG_LOAD="green" # config file loading
COLOR_MSG_RULE_LOAD="yellow" # rule file loading
#-------------------------------------------------------------------------------
# PROGRAMS mandatory to run IP-Array
#-------------------------------------------------------------------------------
# Automatically retrieve paths to programs.
#AUTO_GET_PROGS=1
# Otherwise specify program names or absolute paths
AT="/usr/bin/at" # at
BC="/usr/bin/bc" # bc
CAT="/bin/cat" # cat
DATE="/bin/date" # date
DIALOG="/usr/bin/dialog" # dialog
DIFF="/usr/bin/diff" # diff
FIND="/usr/bin/find" # find
GREP="/bin/grep" # grep
IP="/sbin/ip" # iproute2
IPSET="/sbin/ipset" # ipset
IPT="/sbin/iptables" # iptables
IPT_SAVE="/sbin/iptables-save" # iptables-save
IPT_RESTORE="/sbin/iptables-restore" # iptables-restore
LOGGER="/usr/bin/logger" # logging executable (not mandatory)
LSMOD="/sbin/lsmod" # lsmod
MODPROBE="/sbin/modprobe" # modprobe
NFACCT="/usr/sbin/nfacct" # nfacct
RM="/bin/rm" # rm
SORT="/usr/bin/sort" # sort
SYSCTL="/sbin/sysctl" # sysctl
TC="/sbin/tc" # tc
UNAME="/bin/uname" # uname
WHIPTAIL="/usr/bin/whiptail" # whiptail
#-------------------------------------------------------------------------------
# FILES AND DIRECTORIES
#-------------------------------------------------------------------------------
# IP-Array base directory
#BASE_DIR="/etc/ip-array"
# Library directory for the function files
#LIB_DIR="/usr/lib/ip-array"
# Directory to put the pid file into
#LOCK_DIR="/var/run"
# Data directory
#SHARE_DIR="/usr/share/ip-array"
# Configuration directory - below $BASE_DIR
#CONF_DIR="conf.d"
# Main configuration file
#CONFIG="ip-array.conf"
# File to put the saved ruleset into.
# Applies to all the save* parameters
#SAVE_FILE="iptables_ruleset.save"
# File to put the ipset output into,
# when executing IP-Array with the 'save' parameter,
# or to load, when restoring with the 'restore' parameter
#IPSET_SAVE_FILE="ipset_ruleset.save"
# File where the generated commands will be saved, if executing IP-Array with the
# 'save[ -iptables | -modprobe | -sysctl | -tc | -shaping ]-commands' parameters
# The target directory will be $BASE_DIR/save.d
#RULESETFILE="ip-array_commands.bash"
# File to save the iptables rule listing (iptables (-S|-nL) into, after applying the rules.
# This file will be used to check for a difference to the currently active ruleset,
# when using the 'diff-last-activated' startup parameter.
#DIFF_FILE="iptables_ruleset_saved_for_diff"
# System standards
#SERVICES="/etc/services"
#PROTOCOLS="/etc/protocols"
#-------------------------------------------------------------------------------
# Quick start settings - Files to load, if RESTORE_ON_START is '1'.
#-------------------------------------------------------------------------------
# Restore saved ruleset on start (quick start)
#RESTORE_ON_START=1
# Known good ruleset file to save and restore to/from
#KNOWN_GOOD_RULESET="KNOWN_GOOD_RULESET.bash"
#-------------------------------------------------------------------------------
# BASIC CONFIGURATION PARAMETERS
#-------------------------------------------------------------------------------
# Save iptables commands as command list or in iptables-save format
# Valid values: cmd / ipt
# Defaults to: cmd
#GEN_FORMAT=ipt
# Use ipset.
# If disabled, builtin usage, as well as user defined ipset rules, are turned off
# Format: 0/1
# Defaults to: 0
#USE_IPSET=1
# Maximal amount of ipset sets that can be created (compiled into kernel)
# Format: integer
# Defaults to: 256
#MAX_SETS=256
# In case saving or restoring with iptables-save or iptables-restore fails,
# and 'RESTORE_ON_START' is enabled, the iptables ruleset will be saved
# like running IP-Array with the 'save-iptables-commands' parameter.
# The saved script will then be executed on 'start'.
#IPTSAVE_FAILS=1
# Perform a simple syntax check using `bash -n' before sourcing files.
#SYNTAX_CHECK=1
# Time period in minutes to restore saved ruleset when using 'test' startup parameter,
# or the -t | --test option.
# Defaults to: 7
#RELOAD_TIME="7"
#-------------------------------------------------------------------------------
# INTERACTIVE MODE
#-------------------------------------------------------------------------------
# Interactive mode requires a dialog program.
# Either dialog (version 1.2+) or whiptail are supported
# The variable can be either:
# - empty for automatic detection
# (make sure one of the variables DIALOG, or WHIPTAIL is defined
# or automatic detection of programs can find them.)
# - dialog or whiptail
# - the full path to one of them
#DIALOG_PROG=dialog