74 lines
2.3 KiB
Plaintext
74 lines
2.3 KiB
Plaintext
# .fwknoprc
|
|
##############################################################################
|
|
#
|
|
# Firewall Knock Operator (fwknop) client rc file.
|
|
#
|
|
# This file contains user-specific fwknop client configuration default
|
|
# and named parameter sets for specific invocations of the fwknop client.
|
|
#
|
|
# Each section (or stanza) is identified and started by a line in this
|
|
# file that contains a single identifier surrounded by square brackets.
|
|
#
|
|
# The parameters within the stanza typicaly match corresponding client
|
|
# command-line parameters.
|
|
#
|
|
# The first one should always be `[default]' as it defines the global
|
|
# default settings for the user. These override the program defaults
|
|
# for these parameter. If a named stanza is used, its entries will
|
|
# override any of the default. Command-line options will trump them
|
|
# all.
|
|
#
|
|
# Subsequent stanzas will have only the overriding and destination
|
|
# specific parameters.
|
|
#
|
|
# Lines starting with `#' and empty lines are ignored.
|
|
#
|
|
# See the fwknop.8 man page for a complete list of valid parameters
|
|
# and their values.
|
|
#
|
|
##############################################################################
|
|
#
|
|
# We start with the 'default' stanza. Uncomment and edit for your
|
|
# preferences. The client will use its build-in default for those items
|
|
# that are commented out.
|
|
#
|
|
[default]
|
|
|
|
#DIGEST_TYPE sha256
|
|
#FW_TIMEOUT 30
|
|
#SPA_SERVER_PORT 62201
|
|
#SPA_SERVER_PROTO udp
|
|
#ALLOW_IP <ip addr>
|
|
#SPOOF_USER <username>
|
|
#SPOOF_SOURCE_IP <IPaddr>
|
|
#TIME_OFFSET 0
|
|
#USE_GPG N
|
|
#GPG_HOMEDIR /path/to/.gnupg
|
|
#GPG_SIGNER <signer ID>
|
|
#GPG_RECIPIENT <recipient ID>
|
|
HMAC_DIGEST_TYPE sha256
|
|
KEY rijndaeltest
|
|
HMAC_KEY hmactest
|
|
|
|
# User-provided named stanzas:
|
|
|
|
# Example for a destination server of 192.168.1.20 to open access to
|
|
# SSH for an IP that is resoved externally, and one with a NAT request
|
|
# for a specific source IP that maps port 8088 on the server
|
|
# to port 88 on 192.168.1.55 with timeout.
|
|
#
|
|
#[myssh]
|
|
#SPA_SERVER 192.168.1.20
|
|
#ACCESS tcp/22
|
|
#ALLOW_IP resolve
|
|
#
|
|
#[mynatreq]
|
|
#SPA_SERVER 192.168.1.20
|
|
#ACCESS tcp/8088
|
|
#ALLOW_IP 10.21.2.6
|
|
#NAT_ACCESS 192.168.1.55,88
|
|
#CLIENT_TIMEOUT 60
|
|
#
|
|
|
|
###EOF###
|