/etc/ipkungfu/forward.conf is in ipkungfu 0.6.1-6.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# =========================================================================
# $Id: forward.conf 41 2005-10-30 23:39:47Z s0undt3ch $
# =========================================================================
# The FORWARD chain in iptables dictates the fate of any packet
# that wants to travel past this machine, in either direction.
# The defaults here are reasonable for machines acting as routers
# for a *private* subnet, or standalone machines connected to the
# internet without a local network. You should edit this file if
# any of the following are true:
#
# - the machine running ipkungfu is a firewall/gateway for machines
# with *public* ip addresses
# - you want to customize what parts of your local network are to
# be allowed access to what internet services
# - you simply want more granular control of traffic passing
# through your firewall/gateway
#
# The syntax of most of this file is similar to that of vhosts.conf
# and it serves a similar purpose. You cannot forward ports in
# this file, though. Only packets already destined for a machine
# on your network will be affected by this file. For that reason
# this file can be used to customize how traffic is filtered that
# has already been forwarded by vhosts.conf.
# This sets the default policy for the FORWARD chain. The default
# setting here is "ACCEPT" for standalone machines and private
# subnets, since no packets will reach the FORWARD chain in the
# first case, and outside forces cannot route packets on a private
# network in the second case. Valid choices here are ACCEPT
# and DROP (I recently learned that for reasons I don't understand
# REJECT is not a valid policy for the FORWARD chain).
FORWARD_POLICY=ACCEPT
# Here is where you specify what hosts or nets on the Internet are
# to be allowed to access what hosts or nets on your network, or
# the other way around. The syntax for this part of the file
# is source:destination:port:protocol:target. All the colons are
# required. If any part of the sequence is left blank, it will
# not be matched. For example:
#
# :192.168.0.10:::ACCEPT
#
# The source host, port, and protocol have all been left blank,
# meaning that any type of traffic from any source is permitted
# to go to 192.168.0.10. Valid protocols can be found in
# /etc/protocols. Valid targets are ACCEPT, REJECT, DROP, and
# LOG. In the case of LOG, an optional sixth parameter may be
# used to specify the log prefix. For example:
#
# 208.14.0.0/255.255.0.0:192.168.0.7:80:tcp:LOG:Webserver Hit
# 208.14.0.0/255.255.0.0:192.168.0.7:80:tcp:ACCEPT
#
# In this case, all traffic from 208.14.*.* destined for
# 192.168.0.7 on tcp port 80 is logged and accepted. Note
# that both these rules are required, in this order, for the
# traffic to be logged and accepted (unless your default
# FORWARD policy is ACCEPT, in which case it will be
# accepted unless otherwise specified). If a rule other than
# LOG is encountered, the packet will be assigned the fate
# of the specified target and stop traversing the FORWARD
# chain. For this reason, logging rules must come before
# any rule that specifies a type of filter, such as DROP,
# REJECT, or ACCEPT.
#0/0:192.168.0.10:23:tcp:LOG:Telnet
#0/0:192.168.0.10:23:tcp:ACCEPT
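The ordering rule in the file's comments (a LOG rule must come before the ACCEPT, DROP or REJECT rule for the same traffic) can be checked mechanically. The Python linter below is an added example, not part of ipkungfu or this package; it generalizes slightly by flagging any rule hidden behind an earlier, equal or broader filtering rule. It assumes IPv4 literals in the source and destination fields and treats blank and 0/0 as any address; the function names and sample rules are constructed for illustration.

```python
import ipaddress

TERMINAL = {"ACCEPT", "REJECT", "DROP"}  # targets that end FORWARD traversal

def net(field):
    # Blank means "not matched"; 0/0 is iptables shorthand for any address.
    any_addr = field in ("", "0/0")
    return ipaddress.ip_network("0.0.0.0/0" if any_addr else field, strict=False)

def parse_rules(text):
    """Return (lineno, rule) pairs for every rule line in forward.conf text."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "FORWARD_POLICY=")):
            continue
        parts = line.split(":")
        if (len(parts) not in (5, 6) or parts[4] not in TERMINAL | {"LOG"}
                or (len(parts) == 6 and parts[4] != "LOG")):  # prefix is LOG-only
            raise ValueError(f"line {lineno}: bad rule {line!r}")
        rules.append((lineno, dict(src=net(parts[0]), dst=net(parts[1]),
                                   port=parts[2], proto=parts[3], target=parts[4])))
    return rules

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["port"] in ("", b["port"]) and a["proto"] in ("", b["proto"]))

def shadowed(text):
    """List (later_line, earlier_line) where an earlier filtering rule hides a later one."""
    rules, hits = parse_rules(text), []
    for i, (ln_b, b) in enumerate(rules):
        for ln_a, a in rules[:i]:
            if a["target"] in TERMINAL and covers(a, b):
                hits.append((ln_b, ln_a))
                break
    return hits

# Constructed sample: the webserver pair in the wrong order, the telnet pair in the right one.
SAMPLE = """\
FORWARD_POLICY=DROP
208.14.0.0/255.255.0.0:192.168.0.7:80:tcp:ACCEPT
208.14.0.0/255.255.0.0:192.168.0.7:80:tcp:LOG:Webserver Hit
0/0:192.168.0.10:23:tcp:LOG:Telnet
0/0:192.168.0.10:23:tcp:ACCEPT
"""
for later, earlier in shadowed(SAMPLE):
    print(f"line {later} is never reached: line {earlier} already decides the packet")
```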