fwbuilder-common 5.1.0-4 / usr / share / fwbuilder-5.1.0.3599 / os / secuwall.xml

<?xml version="1.0"?> <!-- -*- mode: xml; -*- -->
<FWBuilderResources>
    <Target name="secuwall">
      <description>secunet wall</description>
      <status>active</status>
      <family>secuwall</family>
      <dialog>secuwall</dialog>
      <cluster_dialog>basic</cluster_dialog>
      <interface_dialog>secuwall</interface_dialog>
      <transfer_agent>transfer_secuwall</transfer_agent>

      <options>
        <user_can_change_install_dir>False</user_can_change_install_dir>
        <default>
          <secuwall_add_files>False</secuwall_add_files>
          <secuwall_add_files_dir>/opt/secuwall/templates/default</secuwall_add_files_dir>
          <secuwall_dns_reso1>files</secuwall_dns_reso1>
          <linux24_ip_forward>1</linux24_ip_forward>
          <loopback_interface>lo</loopback_interface>
          <flush_and_set_default_policy>True</flush_and_set_default_policy>
          <modules_dir>/lib/modules/`uname -r`/kernel/net/</modules_dir>
          <configure_interfaces>False</configure_interfaces>
          <manage_virtual_addr>False</manage_virtual_addr>
          <load_modules>False</load_modules>
          <log_prefix>RULE=%N ACTION=%A </log_prefix>
        </default>

        <interface>
          <iface_mtu>1500</iface_mtu>
          <iface_type>ethernet</iface_type>
        </interface>

        <activation>
          <fwdir>/etc/sysconfig</fwdir>
          <fwdir_test>/tmp</fwdir_test>
        </activation>

        <suppress_comments>False</suppress_comments>
        <suppress_modules>True</suppress_modules>
      </options>

      <capabilities>
        <supports_routing>True</supports_routing>
        <supports_metric>True</supports_metric>
        <supports_routing_itf>True</supports_routing_itf>
        <supports_subinterfaces>True</supports_subinterfaces>
        <supports_advanced_interface_options>True</supports_advanced_interface_options>
        <supports_cluster>True</supports_cluster>
      </capabilities>

      <protocols>
        <failover>
          <string>vrrp,VRRP</string>
          <string>none,None</string>
        </failover>
        <state_sync>
          <string>conntrack,conntrack</string>
        </state_sync>

        <conntrack>
          <needs_master>True</needs_master>
          <default_address>225.0.0.50</default_address>
          <default_port>3780</default_port>
          <dialog>conntrack</dialog>
        </conntrack>

        <vrrp>
          <needs_master>True</needs_master>
          <manage_addresses>True</manage_addresses>
          <dialog>vrrp</dialog>
        </vrrp>
      </protocols>

      <interfaces>
        <cluster>
          <string>vrrp,VRRP</string>
        </cluster>
        <firewall>
          <string>ethernet,Ethernet</string>
          <string>bridge,Bridge</string>
          <string>bonding,Bonding</string>
        </firewall>
      </interfaces>

      <subinterfaces>
        <ethernet>
          <string>8021q,VLAN</string>
          <string>unknown,Unknown</string>
        </ethernet>
        <bridge>
          <string>ethernet,Ethernet</string>
          <string>8021q,VLAN</string>
          <string>unknown,Unknown</string>
        </bridge>
        <bonding>
          <string>ethernet,Ethernet</string>
          <string>8021q,VLAN</string>
          <string>unknown,Unknown</string>
        </bonding>
      </subinterfaces>

      <tools>
        <secuwall>
          <path_lsmod>/bin/lsmod</path_lsmod>
          <path_modprobe>/sbin/modprobe</path_modprobe>
          <path_iptables>/sbin/iptables</path_iptables>
          <path_ip6tables>/sbin/ip6tables</path_ip6tables>
          <path_iptables_restore>/sbin/iptables-restore</path_iptables_restore>
          <path_ip6tables_restore>/sbin/ip6tables-restore</path_ip6tables_restore>
          <path_ip>/sbin/ip</path_ip>
          <path_logger>/usr/bin/logger</path_logger>
          <path_expect>/usr/bin/expect</path_expect>
          <path_ifconfig>/sbin/ifconfig</path_ifconfig>
          <path_vconfig>/sbin/vconfig</path_vconfig>
          <path_brctl>/sbin/brctl</path_brctl>
          <path_ifenslave>/sbin/ifenslave</path_ifenslave>
          <path_ipset>/usr/sbin/ipset</path_ipset>
        </secuwall>
      </tools>
    </Target>

</FWBuilderResources>