| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 |
- # letmeind daemon configuration.
- [GENERAL]
- # This config section holds general options.
- # Enable debugging.
- # This will print verbose syslog messages while modifying the firewall.
- #
- # Possible values: true, false
- debug = true
- # The control port that letmeind will listen on.
- # This is the public internet facing port of the daemon.
- #
- # Possible values: Any valid port; TCP, UDP or both.
- # If TCP and UDP flags are not specified, this defaults to TCP.
- port = 5800
- #port = 5800 / udp
- #port = 5800 / tcp, udp
- # Timeout (in seconds) for receiving and sending messages on the control port.
- # If the timeout is exceeded, the TCP connection will be aborted.
- #
- # Possible values: A positive number of seconds.
- control-timeout = 5.0
- # Control port error policy.
- #
- # If the policy is set to 'always', then error messages will always
- # be transmitted to the connected client.
- # If the policy is set to 'basic-auth', then error messages are suppressed
- # unless the connected client has passed basic authentication.
- # If the policy is set to 'full-auth', then error messages are suppressed
- # unless the connected client has passed full authentication.
- #
- # Possible values: always, basic-auth, full-auth
- # The recommended value is: basic-auth
- # The default value is: always
- control-error-policy = always
- # Turn the Linux seccomp feature on.
- #
- # Possible values: off, log, kill
- #
- # off: Seccomp turned off.
- # log: Seccomp turned off, but access of prohibited syscalls will be logged to syslog.
- # kill: Seccomp turned on. Letmeind will be killed if prohibited syscalls are called.
- seccomp = off
- [NFTABLES]
- # This config section holds the nftables firewall configuration.
- # nftables chain that letmeinfwd will modity.
- family = inet
- table = filter
- chain-input = LETMEIN-INPUT
- # Timeout of installed knock-open rules.
- # Knocked-open ports will be closed again this many seconds after the knocking.
- timeout = 600
- [KEYS]
- # This config section holds the table of users with their corresponding keys.
- #
- # Use command to generate new keys:
- # letmein gen-key
- # User 00000001:
- #00000001 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
- # User 00000002:
- #00000002 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
- [RESOURCES]
- # This config section holds the table of knock-able ports.
- # Resource ID '1A' maps to TCP port 2000:
- #0000001A = port: 2000
- # Resource ID '1B' maps to TCP port 3500:
- #0000001B = port: 3500
- # A resource can be restricted to one or more users.
- # Restricted to users 1 and 2:
- #0000001C = port: 4500 / users: 00000001, 00000002
- # Restricted to user 1:
- #0000001D = port: 5500 / users: 00000001
- # Open port 6500 for TCP and UDP.
- #0000001E = port: 6500 / tcp,udp
|
