KnutWall configuration
KnutWall reads its configuration from /etc/knutwall/config. You have to edit this file before you start KnutWall. The configuration is a set of variables, and every variable described in this file is mandatory: NEVER delete one. The KnutWall config parser is case sensitive. Variable names must be written in upper case and all values must be written in lower case.
You will find a brief description of all supported variables below.
LOCAL : Interface used for the local network connection. Example: LOCAL="eth0"
INET : Interface used for the internet connection; the examples use "none" when there is no such interface. Example: INET="none"
LAN : Your local network, in CIDR notation. Example: LAN="192.168.0.0/24"
TCPSYNLIMIT : TCP SYN flood limit on the internet interface. Example: TCPSYNLIMIT="5/s"
TCPSYNLIMITBURST : Burst for the TCP SYN flood limit on the internet interface. Example: TCPSYNLIMITBURST="5"
PINGLIMIT : ICMP echo request limit. Example: PINGLIMIT="1/s"
PINGLIMITBURST : Burst for the ICMP echo request limit. Example: PINGLIMITBURST="5"
LOGPING : Log all ICMP echo requests. Example: LOGPING="true"
LOCALTCP : A list of TCP ports to open on the local interface (service names or port numbers, comma separated). Example: LOCALTCP="ftp,domain,22,www"
LOCALUDP : A list of UDP ports to open on the local interface. Example: LOCALUDP="domain,22,bootps"
INETTCP : A list of TCP ports to open on the internet interface; "none" opens nothing. Example: INETTCP="none"
INETUDP : A list of UDP ports to open on the internet interface; "none" opens nothing. Example: INETUDP="none"
REJECT : A list of ports that are rejected (rather than silently dropped) on all interfaces. Example: REJECT="auth"
UNPRIVPORTS : Unprivileged port range on the local interface. Example: UNPRIVPORTS="1024:65535"
DROPICMPECHO : Drop ICMP echo requests on all interfaces. Example: DROPICMPECHO="false"
NAT : Network address translation. Example: NAT="true"
STRICTNAT : If set to "true", only defined hosts are accepted in the FORWARD chain. See man knutwall.
SILENT : Silent means no output. Example: SILENT="false"
ALLOW_IPV6 : Allow IPv6 traffic to pass through the firewall.
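The rules above (every variable mandatory, names in upper case, values in lower case, case-sensitive parser) are easy to get wrong by hand, and a firewall that refuses to start, or starts with a rule missing, is the worst place to find out. The script below is an added example and not part of KnutWall: a pre-start lint for /etc/knutwall/config in POSIX sh and awk. The list of mandatory variables is taken from this page; the value-shape checks (true/false for the yes/no variables, "5/s"-style rate limits, numeric bursts) are inferred from the examples on this page and not from the knutwall man page, so adjust them if the man page says otherwise. The sample configuration it lints is constructed from the examples here; ALLOW_IPV6="false" is an assumed value, since the page gives no example for it.

```shell
#!/bin/sh
# Added example, not part of KnutWall: lint /etc/knutwall/config before
# starting the firewall. Enforces the rules stated on the page (every listed
# variable is mandatory, names are upper case, values are lower case, the
# parser is case sensitive) plus value-shape checks that are inferred from the
# page's examples, not taken from the knutwall man page.

# The mandatory variables, in the order the page lists them.
KNUTWALL_VARS="LOCAL INET LAN TCPSYNLIMIT TCPSYNLIMITBURST PINGLIMIT PINGLIMITBURST LOGPING LOCALTCP LOCALUDP INETTCP INETUDP REJECT UNPRIVPORTS DROPICMPECHO NAT STRICTNAT SILENT ALLOW_IPV6"

# knutwall_lint FILE: print one line per problem; exit 0 if clean, 1 otherwise.
knutwall_lint() {
    awk -v vars="$KNUTWALL_VARS" '
    BEGIN {
        n = split(vars, want, " ")
        for (i = 1; i <= n; i++) seen[want[i]] = 0
        # Shapes inferred from the examples on the page. ALLOW_IPV6 has no
        # example there, so it only gets the generic checks.
        split("LOGPING DROPICMPECHO NAT STRICTNAT SILENT", b, " ")
        for (i in b) boolean[b[i]] = 1
        split("TCPSYNLIMIT PINGLIMIT", r, " ")
        for (i in r) rate[r[i]] = 1
        split("TCPSYNLIMITBURST PINGLIMITBURST", c, " ")
        for (i in c) burst[c[i]] = 1
        bad = 0
    }
    function problem(msg) { print msg; bad++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    !/^[A-Za-z_][A-Za-z0-9_]*="[^"]*"$/ {
        problem("line " NR ": not of the form NAME=\"value\": " $0); next
    }
    {
        name = $0; sub(/=.*/, "", name)
        # value is everything between the two double quotes
        val = substr($0, length(name) + 3, length($0) - length(name) - 3)
        if (!(name in seen)) { problem("line " NR ": unknown or wrongly cased variable " name); next }
        seen[name]++
        if (val != tolower(val)) problem("line " NR ": value of " name " is not lower case")
        if (val == "")           problem("line " NR ": " name " is empty; the examples use \"none\" where nothing applies")
        if (name in boolean && val != "true" && val != "false")
            problem("line " NR ": " name " must be \"true\" or \"false\"")
        if (name in rate && val !~ /^[0-9]+\/[a-z]+$/)
            problem("line " NR ": " name " must look like \"5/s\"")
        if (name in burst && val !~ /^[0-9]+$/)
            problem("line " NR ": " name " must be a number")
    }
    END {
        for (i = 1; i <= n; i++) {
            if (seen[want[i]] == 0) problem("missing mandatory variable " want[i])
            if (seen[want[i]] > 1)  problem("duplicate variable " want[i])
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample config using the example values from the page, written
# to a temp file so the lint can be run offline.
KNUTWALL_SAMPLE=$(mktemp)
cat > "$KNUTWALL_SAMPLE" <<'EOF'
# KnutWall configuration (constructed sample)
LOCAL="eth0"
INET="none"
LAN="192.168.0.0/24"
TCPSYNLIMIT="5/s"
TCPSYNLIMITBURST="5"
PINGLIMIT="1/s"
PINGLIMITBURST="5"
LOGPING="true"
LOCALTCP="ftp,domain,22,www"
LOCALUDP="domain,22,bootps"
INETTCP="none"
INETUDP="none"
REJECT="auth"
UNPRIVPORTS="1024:65535"
DROPICMPECHO="false"
NAT="true"
STRICTNAT="true"
SILENT="false"
# no example value on the page; "false" is an assumed value
ALLOW_IPV6="false"
EOF

# A deliberately broken copy: a mixed-case value, a lower-case name, and a
# deleted variable, which the page says you must never do.
KNUTWALL_BROKEN=$(mktemp)
sed -e 's/^NAT="true"/NAT="True"/' \
    -e 's/^LOCAL=/local=/' \
    -e '/^REJECT=/d' "$KNUTWALL_SAMPLE" > "$KNUTWALL_BROKEN"
trap 'rm -f "$KNUTWALL_SAMPLE" "$KNUTWALL_BROKEN"' EXIT

knutwall_lint "$KNUTWALL_SAMPLE" && echo "sample config: ok"
knutwall_lint "$KNUTWALL_BROKEN" || echo "broken config rejected, as intended"
```

Call it as knutwall_lint /etc/knutwall/config || exit 1 from whatever starts KnutWall. The lint is stricter than the page in one respect: it wants exactly NAME="value" on each line, with no trailing comment or whitespace; relax the line regex if your parser tolerates those.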
See also the knutwall man page.
