![]() Subcommand, action and params have their usual meanings.Ī name must be supplied along with server ports in the form proto/range and client ports which takes only a range. This service is used by FireHOL to allow you create rules for services which do not have a definition. Subcommand custom name svr-proto/ports cli-ports action params : : service: cups Common UNIX Printing SystemĮxample: server custom myimap tcp/143 default accept at the firewall level, if you enable the relative channel drivers of asterisk. You should normally enable sip, h323, rtp, etc. ![]() This service refers only to the manager interface of asterisk. : : service: aptproxy Advanced Packaging Tool Proxy This service allows the remote WEB interfaces of APCUPSD, to connect and get information from the server directly connected to the UPS device. : : service: apcupsdnis APC UPS Daemon Network Information Server You can define port 6544 in APCUPSD, by changing the value of NETPORT in its configuration file, or overwrite this FireHOL service definition using the procedures described in Adding Services in nf(5). Note that the port defined here is not the default port (6666) used if you download and compile APCUPSD, since the default conflicts with IRC and many distributions (like Debian) have changed this to 6544. This service must be defined as "server apcupsd accept" on all machines not directly connected to the UPS (i.e. Note that you have to supply your own name in addition to "anystateless". This service is identical to "any" but does not care about the state of traffic. service: anystateless Match all traffic statelesslyĮxample: server anystateless *myname* accept proto 47 Note that you have to supply your own name in addition to "any". In combination with the firehol-params(5) this service can match unusual traffic (e.g. Matches all traffic (all protocols, ports, etc), but does not care about kernel modules and does not activate any other service indirectly. Service: any Match all traffic (without modules or indirect)Įxample: server any *myname* accept proto 47 nf_conntrack_amanda CONFIG_NF_CONNTRACK_AMANDA.The following complex services are activated: service: amanda Advanced Maryland Automatic Network Disk Archiver This service may indirectly setup a set of other services, if they require kernel modules to be loaded. some ICMPv6 packets, requests and replies taking different routes, complex protocols with no helper loaded). Note that to provide "connections in one direction with replies" semantics, the kernel connection tracker is still used: this will therefore still not match packets if they are not understood as part of a connection (e.g. Matches all traffic (all protocols, ports, etc.). nf_nat_proto_gre CONFIG_NF_NAT_PROTO_GRE.nf_conntrack_proto_gre CONFIG_NF_CT_PROTO_GRE.nf_conntrack_pptp CONFIG_NF_CONNTRACK_PPTP.nf_conntrack_sip CONFIG_NF_CONNTRACK_SIP.nf_conntrack_irc CONFIG_NF_CONNTRACK_IRC.nf_conntrack_ftp CONFIG_NF_CONNTRACK_FTP.Xbox xdmcp DESCRIPTION service: AH IPSec Authentication Header (AH)įor more information see this Archive of the FreeS/WAN documentation and RFC 2402. Samba sane sip smtp smtps snmp snmptrap socks squid ssh stun submission sunrpc swat syslog Radius radiusold radiusoldproxy radiusproxy rdp rndc rsync rtp Ping pop3 pop3s portmap postgres pptp privoxy Netbackup netbios_dgm netbios_ns netbios_ssn nfs nis nntp nntps nrpe ntp nut nxserver Microsoft_ds mms msn msnp ms_ds multicast mysql Iax iax2 ICMP icmp ICMPV6 icmpv6 icp ident imap imaps ipsecnatt ipv6error ipv6mld ipv6neigh ipv6router irc isakmp H323 heartbeat http httpalt https hylafax Firehol-services - FireHOL services list SYNOPSISĪH all amanda any anystateless apcupsd apcupsdnis aptproxy asteriskĭarkstat daytime dcc dcpp dhcp dhcprelay dhcpv6 dict distcc dns
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |