netscript-ipfilter 5.4.10 / etc / netscript / network.conf

This file is indexed.

/etc/netscript/network.conf is in netscript-ipfilter 5.4.10.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
###############################################################################
# General Settings
###############################################################################
#
# VERBOSE=(YES/NO)			Default: Yes
# Be verbose about settings.
VERBOSE=YES

# IPV4_FWDING_KERNEL=(YES/NO/FILTER_ON)	Default: NO
# IPV6_FWDING_KERNEL=(YES/NO/FILTER_ON)	Default: NO
# Enable IP forwarding in the kernel.  FILTER_ON means forwarding will
# only happen when IP filtering rules are loaded
IPV4_FWDING_KERNEL=YES
IPV6_FWDING_KERNEL=YES

###########################
# Backups and compilation #
###########################
#
# BACKUP_LEVELS - maximum level of back up kept.  This is done by appending
# the number 0 to the setting below to the file name, and rotating them.
# Suggested minumum for this is 2, for 5 lots of backup. Can't be set 
# any lower than 2.
BACKUP_LEVELS=3
#

############################################################################
# This set of variables is used with the bolierplate chain creation commands
############################################################################

# HINT: Create the log and rejectlog chains before any of the others
#
#       with the 'netscript ipfilter exec log|rejectlog' command.


##################################
# log chain  - for IPv4 and IPv6 #
##################################

# Syslog level for IP tables kernel messages - v4 and v6
LOG_LEVEL=warning

# Maximum log message rate - v4 and v6
LOG_MAXRATE=3  # messages per second

# Log target - DROP/REJECT 
LOG_TARGET=REJECT
IPV6_LOG_TARGET=REJECT

###############################
# IPv6 ICMP chains - limit rates
###############################

# NOTE - icmphost target rulle will generate martians chain and hook it in 
# appropriately

# ICMP rate limit for this host 
IPV6_ICMPHOST_MAXRATE=200 # messages per second

IPV6_ICMPFWD_MAXRATE=1000 # messages per second

# ICMPv6 we optionally want to accept of forward.  All other ICMPv6 is logged
# droped  See RFC 4980 and tail of 'ip6tables -p icmpv6 -h' output.
# MIPv6 ICMP messages are ICMP types 144, 145, 146, and 147
# MIPv6 is really useful when tunnelled via IPSEC
# Router Renumbering is type 138
IPV6_ICMPHOST_OPTIONAL="redirect 144 145 146 147"
IPV6_ICMPFWD_OPTIONAL="144 145 146 147"

###################
# martians chains #
###################

# Net blocks to bypass martians checking on - useful for internal
# RFC 1918 netblocks.
#MARTIAN_BYPASS="10.0.0.0/8 192.168.1.0/24"
#IPV6_MARTIAN_BYPASS="fd13::123:456::/48"

# Extra blocks for the martian chain
MARTIAN_NETS=""			# List of additional martian/invalid 
				# IP source addresses - network/mask
IPV6_MARTIAN_NETS=""

# Logging of private networks - mostly 'noise'
# default is NO
LOG_NOISE="NO"
IPV6_LOG_NOISE="NO"

###########################################
# ingress chain - for IP spoof protection #
###########################################
        
# List of IP numbers common to the box - this is to protect against
# spoofing of the interface addresses on the machine when using Free S/WAN
# IPSEC.  Insert your interface IPs here, and tie the chain in where 
# appropriate on the INPUT and FORWARD chains
#INGRESS_IPS="127.0.0.1 192.168.1.1 192.168.2.1"
INGRESS_IPS="127.0.0.1 203.79.116.183 192.168.110.254 172.31.10.254"
IPV6_INGRESS_IPS="fd14:828:ba69:1::254 2001:470:f012::254 fd14:828:ba69:2::254 2001:470:f012:2::254 2001:470:c:2e6::2"
# Same as above but for use in the ingrssfwd chain for FORWARD chain
# Note interface name can be added to end
#INGRESS_FWD_NETS="127.0.0.0/8 192.168.1.0/24_eth0 192.168.2.1_eth1"
#IPV6_INGRESS_FWD_NETS="fd14:828:ba69::/48"

##############
# snmp chain #
##############

# List of IP  Nos used for SNMP management
#SNMP_MANAGER_IPS="192.168.1.1"
#IPV6_SNMP_MANAGER_IPS="::1"

# Destination block for SNMP blocking - set this to the address containing your
# routers
#SNMP_DEST_BLOCK=0/0
#IPV6_SNMP_DEST_BLOCK=::/0

########################
# Border router chains #
########################

# This set of variables is used with the inbrdr and outbrdr border
# router chains

# The Link network
#   - Use these if your network link to the outside is in one of your
#     IP Number Blocks
#LINK_NET="192.168.1.0/30"
#IPV6_LINK_NET="2001:db8:1:1::/64"

# Our IP number blocks
#IP_BLOCKS="192.0.2.145/32"
#IPV6_IP_BLOCKS="2001:db8:1:2::/48"

# Block incoming/outgoing SMB/Netbios - YES/NO (v4 and v6)
SMB_BLOCK=YES

# Block incoming SNMP, - YES/NO (v4 and v6)
SNMP_BLOCK=YES

# Blocked inbound source addresses
#BLOCKED_INSRC="all_192.0.2.1"
#IPV6_BLOCKED_INSRC="all_2001:db8::1"
BLOCKED_INSRC=""
IPV6_BLOCKED_INSRC=""

# Logged blocked inbound source addresses
#LOGGED_BLOCKED_INSRC="all_192.0.2.1"
#IPV6_LOGGED_BLOCKED_INSRC="all_2001:db8::2"

# Blocked inbound destinations
#BLOCKED_INDEST="tcp_10.0.2.1_23 udp_10.0.3.4_domain"
#IPV6_BLOCKED_INDEST="tcp_2001:db8::1_23 udp_2001:db8::2_domain"

# Logged blocked inbound dests
#LOGGED_BLOCKED_INDEST="tcp_192.0.2.6_smtp"
#IPV6_LOGGED_BLOCKED_INDEST="tcp_2001:db8::23_smtp"

# The DNS servers that are to do zone trasfers
#DNS_IPS="192.0.2.45"
#IPV6_DNS_IPS="2001:db8::4"

# Blocked outbound destinations
#BLOCKED_OUTDEST="tcp_10.0.0.1_23 udp_10.0.0.2_domain"
#IPV6_BLOCKED_OUTDEST="tcp_2001:db8::1_23 udp_2001:db8::2_domain"

# Logged blocked outbound dests
#LOGGED_BLOCKED_OUTDEST="tcp_10.0.0.1_smtp"
#IPV6_LOGGED_BLOCKED_OUTDEST="tcp_2001:db8::45_smtp"

# outbrdr output target - RETURN or ACCEPT
# RETURN is usefull with IPv6 CPE for SOHO / geek domestic
#OUT_TARGET=ACCEPT
#IPV6_OUT_TARGET=ACCEPT
IPV6_OUT_TARGET=RETURN

APT Browse - Built by Thomas Orozco.