Diffstat (limited to 'cf/conf/config.xml')
-rw-r--r-- | cf/conf/config.xml | 522 |
1 files changed, 522 insertions, 0 deletions
diff --git a/cf/conf/config.xml b/cf/conf/config.xml
new file mode 100644
index 0000000..1dba5ab
--- /dev/null
+++ b/cf/conf/config.xml
@@ -0,0 +1,522 @@
+<?xml version="1.0"?>
+<!-- m0n0wall default system configuration -->
+<m0n0wall>
+ <version>1.4</version>
+ <lastchange></lastchange>
+ <system>
+ <hostname>m0n0wall</hostname>
+ <domain>local</domain>
+ <dnsserver></dnsserver>
+ <dnsallowoverride/>
+ <username>admin</username>
+ <password>$1$2xGLA75j$W/jiJc00HYBZX7kFjxjQv0</password>
+ <timezone>Etc/UTC</timezone>
+ <time-update-interval>300</time-update-interval>
+ <timeservers>pool.ntp.org</timeservers>
+ <webgui>
+ <protocol>http</protocol>
+ <!--
+ <port></port>
+ <certificate></certificate>
+ <private-key></private-key>
+ <noassigninterfaces/>
+ <expanddiags/>
+ <noantilockout></noantilockout>
+ -->
+ </webgui>
+ <!-- <disableconsolemenu/> -->
+ <!-- <disablefirmwarecheck/> -->
+ <!-- <shellcmd></shellcmd> -->
+ <!-- <earlyshellcmd></earlyshellcmd> -->
+ <!-- <harddiskstandby></harddiskstandby> -->
+ </system>
+ <interfaces>
+ <lan>
+ <if>sis0</if>
+ <ipaddr>192.168.1.1</ipaddr>
+ <subnet>24</subnet>
+ <media></media>
+ <mediaopt></mediaopt>
+ <!--
+ <wireless>
+ *see below (opt[n])*
+ </wireless>
+ -->
+ </lan>
+ <wan>
+ <if>sis1</if>
+ <mtu></mtu>
+ <ipaddr>dhcp</ipaddr>
+ <!-- *or* ipv4-address *or* 'pppoe' *or* 'pptp' *or* 'bigpond' -->
+ <subnet></subnet>
+ <gateway></gateway>
+ <blockpriv/>
+ <dhcphostname></dhcphostname>
+ <media></media>
+ <mediaopt></mediaopt>
+ <!--
+ <wireless>
+ *see below (opt[n])*
+ </wireless>
+ -->
+ </wan>
+ <!--
+ <opt[n]>
+ <enable/>
+ <descr></descr>
+ <if></if>
+ <ipaddr></ipaddr>
+ <subnet></subnet>
+ <media></media>
+ <mediaopt></mediaopt>
+ <bridge>lan|wan|opt[n]</bridge>
+ <wireless>
+ <mode>hostap *or* bss *or* ibss</mode>
+ <ssid></ssid>
+ <channel></channel>
+ <wep>
+ <enable/>
+ <key>
+ <txkey/>
+ <value></value>
+ </key>
+ </wep>
+ </wireless>
+ </opt[n]>
+ -->
+ </interfaces>
+ <!--
+ <vlans>
+ <vlan>
+ <tag></tag>
+ <if></if>
+ <descr></descr>
+ </vlan>
+ </vlans>
+ -->
+ <staticroutes>
+ <!--
+ <route>
+ <interface>lan|opt[n]|pptp</interface>
+ <network>xxx.xxx.xxx.xxx/xx</network>
+ <gateway>xxx.xxx.xxx.xxx</gateway>
+ <descr></descr>
+ </route>
+ -->
+ </staticroutes>
+ <pppoe>
+ <username></username>
+ <password></password>
+ <provider></provider>
+ <!--
+ <ondemand/>
+ <timeout></timeout>
+ -->
+ </pppoe>
+ <pptp>
+ <username></username>
+ <password></password>
+ <local></local>
+ <subnet></subnet>
+ <remote></remote>
+ <!--
+ <ondemand/>
+ <timeout></timeout>
+ -->
+ </pptp>
+ <bigpond>
+ <username></username>
+ <password></password>
+ <authserver></authserver>
+ <authdomain></authdomain>
+ <minheartbeatinterval></minheartbeatinterval>
+ </bigpond>
+ <dyndns>
+ <!-- <enable/> -->
+ <type>dyndns</type>
+ <username></username>
+ <password></password>
+ <host></host>
+ <mx></mx>
+ <!-- <wildcard/> -->
+ </dyndns>
+ <dhcpd>
+ <lan>
+ <enable/>
+ <range>
+ <from>192.168.1.100</from>
+ <to>192.168.1.199</to>
+ </range>
+ <!--
+ <winsserver>xxx.xxx.xxx.xxx</winsserver>
+ <defaultleasetime></defaultleasetime>
+ <maxleasetime></maxleasetime>
+ <gateway>xxx.xxx.xxx.xxx</gateway>
+ <domain></domain>
+ <dnsserver></dnsserver>
+ <next-server></next-server>
+ <filename></filename>
+ -->
+ </lan>
+ <!--
+ <opt[n]>
+ ...
+ </opt[n]>
+ -->
+ <!--
+ <staticmap>
+ <mac>xx:xx:xx:xx:xx:xx</mac>
+ <ipaddr>xxx.xxx.xxx.xxx</ipaddr>
+ <descr></descr>
+ </staticmap>
+ -->
+ </dhcpd>
+ <pptpd>
+ <mode><!-- off *or* server *or* redir --></mode>
+ <redir></redir>
+ <localip></localip>
+ <remoteip></remoteip>
+ <!-- <accounting/> -->
+ <!--
+ <user>
+ <name></name>
+ <password></password>
+ </user>
+ -->
+ </pptpd>
+ <ovpn>
+ <!--
+ <server>
+ <enable/>
+ <ca_cert></ca_cert>
+ <srv_cert></srv_cert>
+ <srv_key></srv_key>
+ <dh_param></dh_param>
+ <verb></verb>
+ <tun_iface></tun_iface>
+ <port></port>
+ <bind_iface></bind_iface>
+ <cli2cli/>
+ <maxcli></maxcli>
+ <prefix></prefix>
+ <ipblock></ipblock>
+ <crypto></crypto>
+ <dupcn/>
+ <psh_options>
+ <redir></redir>
+ <redir_loc></redir_loc>
+ <rte_delay></rte_delay>
+ <ping></ping>
+ <pingrst></pingrst>
+ <pingexit></pingexit>
+ <inact></inact>
+ </psh_options>
+ </server>
+ <client>
+ <tunnel></tunnel>
+ <ca_cert></ca_cert>
+ <cli_cert></cli_cert>
+ <cli_key></cli_key>
+ <type></type>
+ <tunnel>
+ <if></if>
+ <proto></proto>
+ <cport></cport>
+ <saddr></saddr>
+ <sport></sport>
+ <crypto></crypto>
+ </tunnel>
+ </client>
+ -->
+ </ovpn>
+ <dnsmasq>
+ <enable/>
+ <!--
+ <hosts>
+ <host></host>
+ <domain></domain>
+ <ip></ip>
+ <descr></descr>
+ </hosts>
+ -->
+ </dnsmasq>
+ <snmpd>
+ <!-- <enable/> -->
+ <syslocation></syslocation>
+ <syscontact></syscontact>
+ <rocommunity>public</rocommunity>
+ </snmpd>
+ <diag>
+ <ipv6nat>
+ <!-- <enable/> -->
+ <ipaddr></ipaddr>
+ </ipv6nat>
+ </diag>
+ <bridge>
+ <!-- <filteringbridge/> -->
+ </bridge>
+ <syslog>
+ <!--
+ <reverse/>
+ <enable/>
+ <remoteserver>xxx.xxx.xxx.xxx</remoteserver>
+ <filter/>
+ <dhcp/>
+ <system/>
+ <nologdefaultblock/>
+ -->
+ </syslog>
+ <!--
+ <captiveportal>
+ <enable/>
+ <interface>lan|opt[n]</interface>
+ <idletimeout>minutes</idletimeout>
+ <timeout>minutes</timeout>
+ <page>
+ <htmltext></htmltext>
+ <errtext></errtext>
+ </page>
+ <httpslogin/>
+ <httpsname></httpsname>
+ <certificate></certificate>
+ <private-key></private-key>
+ <redirurl></redirurl>
+ <radiusip></radiusip>
+ <radiusport></radiusport>
+ <radiuskey></radiuskey>
+ <nomacfilter/>
+ </captiveportal>
+ -->
+ <nat>
+ <!--
+ <rule>
+ <interface></interface>
+ <external-address></external-address>
+ <protocol></protocol>
+ <external-port></external-port>
+ <target></target>
+ <local-port></local-port>
+ <descr></descr>
+ </rule>
+ -->
+ <!--
+ <onetoone>
+ <interface></interface>
+ <external>xxx.xxx.xxx.xxx</external>
+ <internal>xxx.xxx.xxx.xxx</internal>
+ <subnet></subnet>
+ <descr></descr>
+ </onetoone>
+ -->
+ <!--
+ <advancedoutbound>
+ <enable/>
+ <rule>
+ <interface></interface>
+ <source>
+ <network>xxx.xxx.xxx.xxx/xx</network>
+ </source>
+ <destination>
+ <not/>
+ <any/>
+ *or*
+ <network>xxx.xxx.xxx.xxx/xx</network>
+ </destination>
+ <target>xxx.xxx.xxx.xxx</target>
+ <descr></descr>
+ </rule>
+ </advancedoutbound>
+ -->
+ <!--
+ <servernat>
+ <ipaddr></ipaddr>
+ <descr></descr>
+ </servernat>
+ -->
+ </nat>
+ <filter>
+ <!-- <tcpidletimeout></tcpidletimeout> -->
+ <rule>
+ <type>pass</type>
+ <descr>Default LAN -> any</descr>
+ <interface>lan</interface>
+ <source>
+ <network>lan</network>
+ </source>
+ <destination>
+ <any/>
+ </destination>
+ </rule>
+ <!-- rule syntax:
+ <rule>
+ <disabled/>
+ <type>pass|block|reject</type>
+ <descr>...</descr>
+ <interface>lan|opt[n]|wan|pptp</interface>
+ <protocol>tcp|udp|tcp/udp|...</protocol>
+ <icmptype></icmptype>
+ <source>
+ <not/>
+
+ <address>xxx.xxx.xxx.xxx(/xx) or alias</address>
+ *or*
+ <network>lan|opt[n]|pptp</network>
+ *or*
+ <any/>
+
+ <port>a[-b]</port>
+ </source>
+ <destination>
+ *same as for source*
+ </destination>
+ <frags/>
+ <log/>
+ </rule>
+ -->
+ </filter>
+ <shaper>
+ <!-- <enable/> -->
+ <!-- rule syntax:
+ <rule>
+ <disabled/>
+ <descr></descr>
+
+ <targetpipe>number (zero based)</targetpipe>
+ *or*
+ <targetqueue>number (zero based)</targetqueue>
+
+ <interface>lan|wan|opt[n]|pptp</interface>
+ <protocol>tcp|udp</protocol>
+ <direction>in|out</direction>
+ <source>
+ <not/>
+
+ <address>xxx.xxx.xxx.xxx(/xx)</address>
+ *or*
+ <network>lan|opt[n]|pptp</network>
+ *or*
+ <any/>
+
+ <port>a[-b]</port>
+ </source>
+ <destination>
+ *same as for source*
+ </destination>
+
+ <iplen>from[-to]</iplen>
+ <iptos>(!)lowdelay,throughput,reliability,mincost,congestion</iptos>
+ <tcpflags>(!)fin,syn,rst,psh,ack,urg</tcpflags>
+ </rule>
+ <pipe>
+ <descr></descr>
+ <bandwidth></bandwidth>
+ <delay></delay>
+ <mask>source|destination</mask>
+ </pipe>
+ <queue>
+ <descr></descr>
+ <targetpipe>number (zero based)</targetpipe>
+ <weight></weight>
+ <mask>source|destination</mask>
+ </queue>
+ -->
+ </shaper>
+ <ipsec>
+ <!-- <enable/> -->
+ <!-- syntax:
+ <tunnel>
+ <disabled/>
+ <auto/>
+ <descr></descr>
+ <interface>lan|wan|opt[n]</interface>
+ <local-subnet>
+ <address>xxx.xxx.xxx.xxx(/xx)</address>
+ *or*
+ <network>lan|opt[n]</network>
+ </local-subnet>
+ <remote-subnet>xxx.xxx.xxx.xxx/xx</remote-subnet>
+ <remote-gateway></remote-gateway>
+ <p1>
+ <mode></mode>
+ <myident>
+ <myaddress/>
+ *or*
+ <address>xxx.xxx.xxx.xxx</address>
+ *or*
+ <fqdn>the.fq.dn</fqdn>
+ </myident>
+ <encryption-algorithm></encryption-algorithm>
+ <hash-algorithm></hash-algorithm>
+ <dhgroup></dhgroup>
+ <lifetime></lifetime>
+ <pre-shared-key></pre-shared-key>
+ </p1>
+ <p2>
+ <protocol></protocol>
+ <encryption-algorithm-option></encryption-algorithm-option>
+ <hash-algorithm-option></hash-algorithm-option>
+ <pfsgroup></pfsgroup>
+ <lifetime></lifetime>
+ </p2>
+ </tunnel>
+ <mobileclients>
+ <enable/>
+ <p1>
+ <mode></mode>
+ <myident>
+ <myaddress/>
+ *or*
+ <address>xxx.xxx.xxx.xxx</address>
+ *or*
+ <fqdn>the.fq.dn</fqdn>
+ </myident>
+ <encryption-algorithm></encryption-algorithm>
+ <hash-algorithm></hash-algorithm>
+ <dhgroup></dhgroup>
+ <lifetime></lifetime>
+ </p1>
+ <p2>
+ <protocol></protocol>
+ <encryption-algorithm-option></encryption-algorithm-option>
+ <hash-algorithm-option></hash-algorithm-option>
+ <pfsgroup></pfsgroup>
+ <lifetime></lifetime>
+ </p2>
+ </mobileclients>
+ <mobilekey>
+ <ident></ident>
+ <pre-shared-key></pre-shared-key>
+ </mobilekey>
+ -->
+ </ipsec>
+ <aliases>
+ <!--
+ <alias>
+ <name></name>
+ <address>xxx.xxx.xxx.xxx(/xx)</address>
+ <descr></descr>
+ </alias>
+ -->
+ </aliases>
+ <proxyarp>
+ <!--
+ <proxyarpnet>
+ <network>xxx.xxx.xxx.xxx/xx</network>
+ *or*
+ <range>
+ <from>xxx.xxx.xxx.xxx</from>
+ <to>xxx.xxx.xxx.xxx</to>
+ </range>
+ </proxyarpnet>
+ -->
+ </proxyarp>
+ <wol>
+ <!--
+ <wolentry>
+ <interface>lan|opt[n]</interface>
+ <mac>xx:xx:xx:xx:xx:xx</mac>
+ <descr></descr>
+ </wolentry>
+ -->
+ </wol>
+</m0n0wall> |
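Review bot: The `<system>` defaults ship a fixed `admin` account whose `<password>` is a hard-coded `$1$` (MD5-crypt) hash, and `<webgui>` is set to `<protocol>http</protocol>`, so every fresh install shares one credential whose hash is public in the repository and whose first login travels in cleartext. Nothing in this file shows a forced password change on first boot; if the setup code does not enforce one, I would change the default to `<protocol>https</protocol>` (presumably with a certificate generated at first boot, since `<certificate>` is commented out) and add a comment above the hash such as `<!-- factory default credential: must be changed during initial setup -->`. Separately, `<rocommunity>public</rocommunity>` is inert while `<enable/>` under `<snmpd>` stays commented out, but it becomes the live community string as soon as SNMP is switched on, so an empty default that forces the operator to choose one would be safer.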