| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 |
- # letmeind daemon configuration.
- [GENERAL]
- # This config section holds general options.
- # Enable debugging.
- # This will print verbose syslog messages while modifying the firewall.
- #
- # Possible values: true, false
- debug = true
- # The control port that letmeind will listen on.
- # This is the public internet facing port of the daemon.
- #
- # Possible values: Any valid port; TCP, UDP or both.
- # If TCP and UDP flags are not specified, this defaults to TCP.
- port = 5800
- #port = 5800 / udp
- #port = 5800 / tcp, udp
- # Timeout (in seconds) for receiving and sending messages on the control port.
- # If the timeout is exceeded, the TCP connection will be aborted.
- #
- # Possible values: A positive number of seconds.
- control-timeout = 5.0
- # Control port error policy.
- #
- # If the policy is set to 'always', then error messages will always
- # be transmitted to the connected client.
- # If the policy is set to 'basic-auth', then error messages are suppressed
- # unless the connected client has passed basic authentication.
- # If the policy is set to 'full-auth', then error messages are suppressed
- # unless the connected client has passed full authentication.
- #
- # Possible values: always, basic-auth, full-auth
- # The recommended value is: basic-auth
- # The default value is: always
- control-error-policy = always
- # Turn the Linux seccomp feature on.
- #
- # Possible values: off, log, kill
- #
- # off: Seccomp turned off.
- # log: Seccomp turned off, but access of prohibited syscalls will be logged to syslog.
- # kill: Seccomp turned on. Letmeind will be killed if prohibited syscalls are called.
- seccomp = off
- [NFTABLES]
- # This config section holds the nftables firewall configuration.
- # Path to the `nft` nftables executable.
- #
- # If this is an absolute path (with leading slash), then $PATH will not be searched.
- # If this is a relative path (no leading slash), then $PATH and/or the current working
- # directory will be searched.
- exe = nft
- #exe = /usr/sbin/nft
- # nftables chain that letmeinfwd will modity.
- family = inet
- table = filter
- chain-input = LETMEIN-INPUT
- # Timeout of installed knock-open rules.
- # Knocked-open ports will be closed again this many seconds after the knocking.
- timeout = 600
- [KEYS]
- # This config section holds the table of users with their corresponding keys.
- #
- # Use command to generate new keys:
- # letmein gen-key
- # User 00000001:
- #00000001 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
- # User 00000002:
- #00000002 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
- [RESOURCES]
- # This config section holds the table of knock-able ports.
- # Resource ID '1A' maps to TCP port 2000:
- #0000001A = port: 2000
- # Resource ID '1B' maps to TCP port 3500:
- #0000001B = port: 3500
- # A resource can be restricted to one or more users.
- # Restricted to users 1 and 2:
- #0000001C = port: 4500 / users: 00000001, 00000002
- # Restricted to user 1:
- #0000001D = port: 5500 / users: 00000001
- # Open port 6500 for TCP and UDP.
- #0000001E = port: 6500 / tcp,udp
|
