/etc/netscript/network.conf is in netscript-ipfilter 5.4.10.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
###############################################################################
# General Settings
###############################################################################
#
# VERBOSE=(YES/NO) Default: Yes
# Be verbose about settings.
VERBOSE=YES
# IPV4_FWDING_KERNEL=(YES/NO/FILTER_ON) Default: NO
# IPV6_FWDING_KERNEL=(YES/NO/FILTER_ON) Default: NO
# Enable IP forwarding in the kernel. FILTER_ON means forwarding will
# only happen when IP filtering rules are loaded.
# NOTE(review): both address families are set to YES below, overriding the
# NO default. Going by the description above, YES leaves forwarding enabled
# whether or not a filter rule set is loaded, so a failed or partial rule
# load still routes traffic. FILTER_ON is the value that ties forwarding to
# loaded rules; prefer it on a filtering router unless unfiltered forwarding
# is intended.
IPV4_FWDING_KERNEL=YES
IPV6_FWDING_KERNEL=YES
###########################
# Backups and compilation #
###########################
#
# BACKUP_LEVELS - maximum level of backup kept. This is done by appending
# the number 0 to the setting below to the file name, and rotating them
# (presumably a numeric suffix running from 0 up to this value - confirm
# against the netscript backup code).
# Suggested minimum for this is 2, for 5 lots of backup. Can't be set
# any lower than 2.
BACKUP_LEVELS=3
#
############################################################################
# This set of variables is used with the boilerplate chain creation commands
############################################################################
# HINT: Create the log and rejectlog chains before any of the others
# with the 'netscript ipfilter exec log|rejectlog' command.
##################################
# log chain - for IPv4 and IPv6 #
##################################
# Syslog level for IP tables kernel messages - v4 and v6
LOG_LEVEL=warning
# Maximum log message rate - v4 and v6
# NOTE(review): a rate cap keeps a packet flood from filling the logs, but
# presumably packets beyond the cap are not logged at all, so a low value
# can hide events during a burst - confirm how the log chain applies it.
LOG_MAXRATE=3 # messages per second
# Log target - DROP/REJECT
# REJECT answers the sender with an error packet; DROP discards silently.
# NOTE(review): presumably this is the verdict applied after the log rule -
# confirm against the chain creation code. REJECT tells a scanning host
# that a filter is present and generates reply traffic; DROP does neither.
LOG_TARGET=REJECT
IPV6_LOG_TARGET=REJECT
###############################
# IPv6 ICMP chains - limit rates
###############################
# NOTE - icmphost target rule will generate martians chain and hook it in
# appropriately
# ICMP rate limit for this host
IPV6_ICMPHOST_MAXRATE=200 # messages per second
# ICMP rate limit for forwarded traffic (presumably, going by the FWD name)
IPV6_ICMPFWD_MAXRATE=1000 # messages per second
# ICMPv6 we optionally want to accept or forward. All other ICMPv6 is logged
# and dropped. See RFC 4980 and tail of 'ip6tables -p icmpv6 -h' output.
# NOTE(review): the ICMPv6 firewall filtering recommendations are published
# as RFC 4890; '4980' above looks like a transposed number.
# MIPv6 ICMP messages are ICMP types 144, 145, 146, and 147
# MIPv6 is really useful when tunnelled via IPSEC
# Router Renumbering is type 138
# NOTE(review): the host list below includes 'redirect', so this machine is
# set to accept ICMPv6 redirects (type 137). A redirect lets an on-link
# sender change the next hop this host uses; remove the keyword if the host
# does not rely on redirects. Likewise drop types 144-147 from both lists
# if Mobile IPv6 is not in use on this network.
IPV6_ICMPHOST_OPTIONAL="redirect 144 145 146 147"
IPV6_ICMPFWD_OPTIONAL="144 145 146 147"
###################
# martians chains #
###################
# Net blocks to bypass martians checking on - useful for internal
# RFC 1918 netblocks.
# NOTE(review): every block listed in a bypass is exempt from the martian
# source check, so keep entries as narrow as the internal addressing
# allows. The IPv6 example below contains '::' twice and is not a valid
# address as written; substitute a real prefix before uncommenting it.
#MARTIAN_BYPASS="10.0.0.0/8 192.168.1.0/24"
#IPV6_MARTIAN_BYPASS="fd13::123:456::/48"
# Extra blocks for the martian chain
MARTIAN_NETS="" # List of additional martian/invalid
# IP source addresses - network/mask
IPV6_MARTIAN_NETS=""
# Logging of private networks - mostly 'noise'
# default is NO
# NOTE(review): with NO, traffic from private networks is presumably
# filtered without a log entry, so it leaves no trace for later review -
# confirm against the martians chain code.
LOG_NOISE="NO"
IPV6_LOG_NOISE="NO"
###########################################
# ingress chain - for IP spoof protection #
###########################################
# List of IP numbers common to the box - this is to protect against
# spoofing of the interface addresses on the machine when using Free S/WAN
# IPSEC. Insert your interface IPs here, and tie the chain in where
# appropriate on the INPUT and FORWARD chains
# NOTE(review): the protection only covers addresses that appear in these
# lists. Re-check both lists whenever an interface is added, removed or
# renumbered; an address missing from the list is not protected against
# spoofing, and a stale entry blocks whoever legitimately holds it now.
#INGRESS_IPS="127.0.0.1 192.168.1.1 192.168.2.1"
INGRESS_IPS="127.0.0.1 203.79.116.183 192.168.110.254 172.31.10.254"
IPV6_INGRESS_IPS="fd14:828:ba69:1::254 2001:470:f012::254 fd14:828:ba69:2::254 2001:470:f012:2::254 2001:470:c:2e6::2"
# Same as above but for use in the ingrssfwd chain for FORWARD chain
# Note interface name can be added to end
# Both forward lists are commented out here, so no values are supplied for
# that chain by this file.
#INGRESS_FWD_NETS="127.0.0.0/8 192.168.1.0/24_eth0 192.168.2.1_eth1"
#IPV6_INGRESS_FWD_NETS="fd14:828:ba69::/48"
##############
# snmp chain #
##############
# List of IP Nos used for SNMP management
#SNMP_MANAGER_IPS="192.168.1.1"
#IPV6_SNMP_MANAGER_IPS="::1"
# Destination block for SNMP blocking - set this to the address containing your
# routers
#SNMP_DEST_BLOCK=0/0
#IPV6_SNMP_DEST_BLOCK=::/0
########################
# Border router chains #
########################
# This set of variables is used with the inbrdr and outbrdr border
# router chains
# The Link network
# - Use these if your network link to the outside is in one of your
# IP Number Blocks
#LINK_NET="192.168.1.0/30"
#IPV6_LINK_NET="2001:db8:1:1::/64"
# Our IP number blocks
#IP_BLOCKS="192.0.2.145/32"
#IPV6_IP_BLOCKS="2001:db8:1:2::/48"
# Block incoming/outgoing SMB/Netbios - YES/NO (v4 and v6)
SMB_BLOCK=YES
# Block incoming SNMP, - YES/NO (v4 and v6)
SNMP_BLOCK=YES
# Blocked inbound source addresses
#BLOCKED_INSRC="all_192.0.2.1"
#IPV6_BLOCKED_INSRC="all_2001:db8::1"
# Both lists are set to the empty string: no inbound source is blocked by
# this setting.
BLOCKED_INSRC=""
IPV6_BLOCKED_INSRC=""
# Logged blocked inbound source addresses
#LOGGED_BLOCKED_INSRC="all_192.0.2.1"
#IPV6_LOGGED_BLOCKED_INSRC="all_2001:db8::2"
# Blocked inbound destinations
#BLOCKED_INDEST="tcp_10.0.2.1_23 udp_10.0.3.4_domain"
#IPV6_BLOCKED_INDEST="tcp_2001:db8::1_23 udp_2001:db8::2_domain"
# Logged blocked inbound dests
#LOGGED_BLOCKED_INDEST="tcp_192.0.2.6_smtp"
#IPV6_LOGGED_BLOCKED_INDEST="tcp_2001:db8::23_smtp"
# The DNS servers that are to do zone transfers
#DNS_IPS="192.0.2.45"
#IPV6_DNS_IPS="2001:db8::4"
# Blocked outbound destinations
#BLOCKED_OUTDEST="tcp_10.0.0.1_23 udp_10.0.0.2_domain"
#IPV6_BLOCKED_OUTDEST="tcp_2001:db8::1_23 udp_2001:db8::2_domain"
# Logged blocked outbound dests
#LOGGED_BLOCKED_OUTDEST="tcp_10.0.0.1_smtp"
#IPV6_LOGGED_BLOCKED_OUTDEST="tcp_2001:db8::45_smtp"
# outbrdr output target - RETURN or ACCEPT
# RETURN is useful with IPv6 CPE for SOHO / geek domestic
# RETURN hands the packet back to the calling chain instead of accepting
# it, so the final verdict comes from the caller's remaining rules or the
# chain policy.
# NOTE(review): only the IPv6 target is set; the IPv4 OUT_TARGET stays
# commented out and takes whatever default netscript applies. Confirm that
# the chain calling outbrdr for IPv6 ends in an explicit verdict.
#OUT_TARGET=ACCEPT
#IPV6_OUT_TARGET=ACCEPT
IPV6_OUT_TARGET=RETURN