This file is indexed.

/etc/nufw/acls.nufw is in nuauth 2.4.3-3.3build2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# ACLs file for the plaintext module
#
# Example of ACL
# ==============
#
# [Sample ACL]
# gid=100,101           # which groups are concerned
# gid=103               # several lines can be used
# uid=100,101           # which user ids are concerned
# uid=103               # several lines can be used
# proto=6               # IP protocol: 1=ICMP, 6=TCP (default), 17=UDP
# type=0                # Type, for ICMP protocol only
# SrcIP=10.10.0.1       # Source IP, equivalent to 10.10.0.1/32
# SrcPort=1024-65535    # List of source ports (a single port is ok)
# DstIP=10.10.0.5       # Destination IP address
# DstIP=10.10.0.8, 10.10.1.0/24 # There can be several IP addresses/lines
# DstPort=5150-5153     # List of destination ports
# DstPort=22,25         # There can be several lines
# decision=1            # 0=drop, 1=accept, 3=reject (2 is reserved: "no decide")
#
# Default values:
#    - decision: 1 (ACCEPT)
#    - protocol: 6 (TCP)
#    - SrcIP: any IP address
#    - DstIP: any IP address
#    - SrcPort: any port
#    - DstPort: any port
#
# Application filtering:
#     App=/usr/bin/perl
# Several applications can be given:
#     App=/usr/bin/ssh
#     App=/usr/bin/nc
#
# OS checking:
#     OS = Linux
# You can give the kernel release:
#     OS = Linux ; 2.6.8
# and the kernel version:
#     OS = Linux ; 2.6.8 ; #3 Fri Aug 27 20:37:38 CEST 2004
# (Several OS can be given)
# 
# Interface checking:
#     [indev|outdev|physindev|physoutdev] = eth0
# You have to specify complete interface name and blob are
# not allowed.
#
# Log prefix:
#     log_prefix = ssh
#
# You need to use period defined in your period handling module:
#     period = 24x7
#
# ACL flags is an integer coding properties of the ACL:
#     flags = 1
#
# Flags value are used by bit comparison. You can combien the following
# value
#  * 1: do aysnchronous login on packet accepted by ACL, equivalent
#  to don't do Single Sign On on the ACL.
#  * 2: Don't log
#  * 4: Log synchronously (set it for SSO if not globally set)
#  * 8: Log strictly (set it for SSO)
# Flag bits can be used to set a mark on packet. See mark_flag module.
# Authentication quality can be used to limit authorization following the
# type of authentication used
#     authquality = LEVEL
# defined levels are: 0 auth by IP fallback method, 1 auth by SASL, 2 auth by certificate

[ssh]
gid=100
DstPort=22
App=/usr/bin/ssh
OS=Linux

[http]
gid=100,102,103
DstPort=80

[https]
gid=100
gid=102
DstPort=443

[full access for group 103]
gid=103