Allow some configuration to be set by environment
- Variables that can now be set by environment variables: FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT FIREHOL_FORWARD_ACTIVATION_POLICY FIREHOL_INPUT_ACTIVATION_POLICY FIREHOL_OUTPUT_ACTIVATION_POLICY FIREHOL_AUTOSAVE FIREHOL_LOAD_KERNEL_MODULES FIREHOL_NAT FIREHOL_ROUTING
- This one can still _only_ be set by an environment variable: WAIT_FOR_IFACE
This commit is contained in:
parent
224491aaf3
commit
84bfb2d437
@ -417,10 +417,6 @@ fi
|
|||||||
FIREHOL_CONFIG_DIR="/etc/firehol"
|
FIREHOL_CONFIG_DIR="/etc/firehol"
|
||||||
FIREHOL_CONFIG="${FIREHOL_CONFIG_DIR}/firehol.conf"
|
FIREHOL_CONFIG="${FIREHOL_CONFIG_DIR}/firehol.conf"
|
||||||
|
|
||||||
# Where /etc/init.d/iptables expects its configuration?
|
|
||||||
# Leave it empty for automatic detection
|
|
||||||
FIREHOL_AUTOSAVE=
|
|
||||||
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Make sure we automatically cleanup when we exit.
|
# Make sure we automatically cleanup when we exit.
|
||||||
@ -706,6 +702,50 @@ UNROUTABLE_IPS="${RESERVED_IPS} ${PRIVATE_IPS}"
|
|||||||
load_ips UNROUTABLE_IPS "${UNROUTABLE_IPS}" 0
|
load_ips UNROUTABLE_IPS "${UNROUTABLE_IPS}" 0
|
||||||
|
|
||||||
# ----------------------------------------------------------------------
|
# ----------------------------------------------------------------------
|
||||||
|
# Runtime control variables
|
||||||
|
# These do not affect the final firewall output and will honour the
|
||||||
|
# environment variable of the same name if it is set. They can also
|
||||||
|
# be set in the configuration file.
|
||||||
|
|
||||||
|
# Which is the filter table chains policy during firewall activation?
|
||||||
|
test -z "$FIREHOL_INPUT_ACTIVATION_POLICY" && \
|
||||||
|
FIREHOL_INPUT_ACTIVATION_POLICY="ACCEPT"
|
||||||
|
test -z "$FIREHOL_OUTPUT_ACTIVATION_POLICY" && \
|
||||||
|
FIREHOL_OUTPUT_ACTIVATION_POLICY="ACCEPT"
|
||||||
|
test -z "$FIREHOL_FORWARD_ACTIVATION_POLICY" && \
|
||||||
|
FIREHOL_FORWARD_ACTIVATION_POLICY="ACCEPT"
|
||||||
|
|
||||||
|
# Do we allow pre-existing connections to continue during activation?
|
||||||
|
test -z "$FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT" && \
|
||||||
|
FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT=1
|
||||||
|
|
||||||
|
# If set to 0, firehol will not try to load the required kernel modules
|
||||||
|
test -z "$FIREHOL_LOAD_KERNEL_MODULES" && \
|
||||||
|
FIREHOL_LOAD_KERNEL_MODULES=1
|
||||||
|
|
||||||
|
# Set this to 1 have firehol load NAT kernel modules
|
||||||
|
# It will generally be set automatically at an appropriate time
|
||||||
|
test -z "$FIREHOL_NAT" && \
|
||||||
|
FIREHOL_NAT=0
|
||||||
|
|
||||||
|
# Set this to 1 routing should be enabled in the kernel
|
||||||
|
# It will generally be set automatically at an appropriate time
|
||||||
|
test -z "$FIREHOL_ROUTING" && \
|
||||||
|
FIREHOL_ROUTING=0
|
||||||
|
|
||||||
|
# Where /etc/init.d/iptables expects its configuration?
|
||||||
|
# Leave it empty for automatic detection
|
||||||
|
test -z "$FIREHOL_AUTOSAVE" && \
|
||||||
|
FIREHOL_AUTOSAVE=
|
||||||
|
|
||||||
|
# Set to non-empty to wait (max 60 seconds) for a network interface
|
||||||
|
test -z "$WAIT_FOR_IFACE" && \
|
||||||
|
WAIT_FOR_IFACE=
|
||||||
|
|
||||||
|
# ----------------------------------------------------------------------
|
||||||
|
# Firewall configuration variables
|
||||||
|
# These affect the final output firewall. They can be set in the
|
||||||
|
# configuration file.
|
||||||
|
|
||||||
# The default policy for the interface commands of the firewall.
|
# The default policy for the interface commands of the firewall.
|
||||||
# This can be controlled on a per interface basis using the
|
# This can be controlled on a per interface basis using the
|
||||||
@ -717,11 +757,6 @@ DEFAULT_INTERFACE_POLICY="DROP"
|
|||||||
# policy interface subscommand.
|
# policy interface subscommand.
|
||||||
DEFAULT_ROUTER_POLICY="RETURN"
|
DEFAULT_ROUTER_POLICY="RETURN"
|
||||||
|
|
||||||
# Which is the filter table chains policy during firewall activation?
|
|
||||||
FIREHOL_INPUT_ACTIVATION_POLICY="ACCEPT"
|
|
||||||
FIREHOL_OUTPUT_ACTIVATION_POLICY="ACCEPT"
|
|
||||||
FIREHOL_FORWARD_ACTIVATION_POLICY="ACCEPT"
|
|
||||||
|
|
||||||
# Should we drop all INVALID packets always?
|
# Should we drop all INVALID packets always?
|
||||||
FIREHOL_DROP_INVALID=0
|
FIREHOL_DROP_INVALID=0
|
||||||
|
|
||||||
@ -784,14 +819,6 @@ FIREHOL_KERNEL_MODULES=""
|
|||||||
#
|
#
|
||||||
# to have FireHOL require a specific module for the configurarion.
|
# to have FireHOL require a specific module for the configurarion.
|
||||||
|
|
||||||
# Set this to 1 in the configuration file to have FireHOL complex
|
|
||||||
# services' rules load NAT kernel modules too.
|
|
||||||
FIREHOL_NAT=0
|
|
||||||
|
|
||||||
# Set this to 1 in the configuration file if routing should be enabled
|
|
||||||
# in the kernel.
|
|
||||||
FIREHOL_ROUTING=0
|
|
||||||
|
|
||||||
# Services may add themeselves to this variable so that the service "all" will
|
# Services may add themeselves to this variable so that the service "all" will
|
||||||
# also call them.
|
# also call them.
|
||||||
# By default it is empty - only rules programmers should change this.
|
# By default it is empty - only rules programmers should change this.
|
||||||
@ -813,11 +840,7 @@ FIREHOL_SAVE=0
|
|||||||
# Valid only for FIREHOL_MODE="START"
|
# Valid only for FIREHOL_MODE="START"
|
||||||
FIREHOL_TRY=0
|
FIREHOL_TRY=0
|
||||||
|
|
||||||
# If set to 0, FireHOL will not try to load the required kernel modules.
|
# If set to 1, firehol will output the commands of the configuration file
|
||||||
# It can be set in the configuration file.
|
|
||||||
FIREHOL_LOAD_KERNEL_MODULES=1
|
|
||||||
|
|
||||||
# If set to 1, FireHOL will output the commands of the configuration file
|
|
||||||
# with variables expanded.
|
# with variables expanded.
|
||||||
FIREHOL_CONF_SHOW=1
|
FIREHOL_CONF_SHOW=1
|
||||||
|
|
||||||
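Review bot: The runtime-control values introduced under `# Runtime control variables` in the second hunk (@ -706) are taken from the environment but never validated: `test -z "$FIREHOL_INPUT_ACTIVATION_POLICY" && FIREHOL_INPUT_ACTIVATION_POLICY="ACCEPT"` only fills in a default, so any non-empty string supplied by the caller is kept, and the same holds for the OUTPUT/FORWARD policies and the 0/1 flags `FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT`, `FIREHOL_LOAD_KERNEL_MODULES`, `FIREHOL_NAT` and `FIREHOL_ROUTING`. According to the comment directly above them these values decide the filter-chain policy while the firewall is being activated, so a typo or a stray value inherited from a caller's environment presumably reaches the policy command later in the script (outside this hunk), where it either aborts activation or leaves the chains with an unintended policy. I would add an explicit check after the defaults (and again wherever the configuration file can override them, since the header comment says it can), restricting the three policies to `ACCEPT|DROP` and the flags to `0|1`, as sketched below. Two of the new comments also read awkwardly: `# Set this to 1 have firehol load NAT kernel modules` wants "to have", and `# Set this to 1 routing should be enabled in the kernel` wants "if routing".
```shell
# … unchanged: test -z defaults for the FIREHOL_* runtime control variables …
for v in FIREHOL_INPUT_ACTIVATION_POLICY FIREHOL_OUTPUT_ACTIVATION_POLICY FIREHOL_FORWARD_ACTIVATION_POLICY
do
	eval "x=\"\$$v\""
	case "$x" in
		ACCEPT|DROP) ;;
		*) echo "$v must be ACCEPT or DROP (got '$x')" >&2; exit 1 ;;
	esac
done
for v in FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT FIREHOL_LOAD_KERNEL_MODULES FIREHOL_NAT FIREHOL_ROUTING
do
	eval "x=\"\$$v\""
	case "$x" in
		0|1) ;;
		*) echo "$v must be 0 or 1 (got '$x')" >&2; exit 1 ;;
	esac
done
# … unchanged: FIREHOL_AUTOSAVE and WAIT_FOR_IFACE defaults …
```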
|