23 lines
486 B
Plaintext
23 lines
486 B
Plaintext
# Host-specific configuration for nft-fw.
|
|
# This file is read by /usr/local/sbin/fw-apply.
|
|
#
|
|
# Syntax: shell KEY=VALUE
|
|
# Values "true/false" are parsed case-insensitively.
|
|
|
|
# Interfaces / networks
|
|
EXT_IF=eth0
|
|
PRIV_IF=enp7s0
|
|
PRIV_NET=172.20.0.0/21
|
|
|
|
# Feature toggles
|
|
ALLOW_SSH_PUBLIC_IN=true
|
|
ALLOW_APT_PUBLIC_OUT=true
|
|
|
|
# ICMP toggles
|
|
ALLOW_ICMP4_PUBLIC=true
|
|
ALLOW_ICMP6_PUBLIC=true
|
|
|
|
# Force ICMPv6 essential types when EXT_IF is "in use" (SSH or APT enabled)
|
|
FORCE_ICMP6_ESSENTIAL=true
|
|
|