# Master switch for the firewall setup. The script that reads this file is not
# shown here; presumably any value other than "yes" skips loading rules - confirm.
FIREWALL=yes

# Location of programs/configuration files
# FIREWALL_DIR is a directory of additional firewall configuration; its contents
# are not shown here.
# NOTE(review): presumably read with root privileges, so the directory and its
# files should be writable by root only - confirm ownership and mode.
FIREWALL_DIR="/etc/sysconfig/firewall.d"

# IPv4 tools, given as absolute paths so they do not depend on $PATH.
iptables="/usr/sbin/iptables"
iptsave="/usr/sbin/iptables-save"
iptrestore="/usr/sbin/iptables-restore"

# IPv6 counterparts of the three tools above.
ip6tables="/usr/sbin/ip6tables"
ip6tsave="/usr/sbin/ip6tables-save"
ip6trestore="/usr/sbin/ip6tables-restore"

# Which tables you want set up (filter, nat, mangle)
# Only "filter" is selected for IPv4; the IPv6 list is empty.
# NOTE(review): presumably an empty list means no ip6tables tables are set up,
# in which case the ipv6_* policies in this file would not be applied and IPv6
# traffic would be handled by whatever is already loaded in the kernel.
# Confirm against the firewall script, and select "filter" for IPv6 as well if
# the host has IPv6 enabled.
ipv4_TABLES="filter"
ipv6_TABLES=

# Connection tracking (defaults to yes as it's VERY useful also on non-NAT boxes)
# Rules that match on connection state need connection tracking to be enabled.
CONNTRACK="yes"

# Which ports to track (FTP,IRC,Eggdrop) empty = defaults
# May be needed by conntrack and NAT
# All three are left empty here, so the defaults apply.
# NOTE(review): the expected list format is not shown in this file - confirm
# against the firewall script before adding ports. Every listed port is
# presumably handed to the matching protocol helper, so list only ports that
# really carry that protocol.
FTP_PORTS=
IRC_PORTS=
EGGDROP_PORTS=

# FXP (direct FTP 2 FTP transport) support in conntrack_ftp
# NOTE(review): FXP means the FTP helper has to accept data connections whose
# endpoint is a third host rather than the peer of the control connection,
# which widens what the helper will let through. Presumably "no" disables it -
# confirm, and keep "yes" only if server-to-server transfers are actually used.
FTP_FXP="yes"

# Size (number of entries) of hash tables for connection tracking and NAT
# default is 1/16384 of memory
# Both are left empty here; presumably empty keeps the default - confirm.
# NOTE(review): the connection-tracking table is a finite resource; on a busy
# or exposed host, check that the default size is adequate for the expected
# number of concurrent connections.
CONNTRACK_HASHSIZE=
NAT_HASHSIZE=

# Policies for chains:
# A chain's policy is the verdict for packets that reach the end of the chain
# without matching any rule. Variable names follow ipv<N>_<table>_<CHAIN>.
# IPv4:
# filter table. INPUT is default-allow: traffic addressed to this host is
# accepted unless a rule blocks it. FORWARD is default-deny: routed traffic is
# dropped unless a rule allows it.
# NOTE(review): with INPUT at ACCEPT, any listening service without an explicit
# blocking rule is reachable. Consider DROP plus explicit allow rules, after
# making sure rules for the services you need (including remote administration)
# are in place.
ipv4_filter_INPUT="ACCEPT"
ipv4_filter_OUTPUT="ACCEPT"
ipv4_filter_FORWARD="DROP"

# nat table. Presumably used only when "nat" is selected in ipv4_TABLES - confirm.
# Filtering belongs in the filter table, so ACCEPT is the usual policy here.
ipv4_nat_OUTPUT="ACCEPT"
ipv4_nat_PREROUTING="ACCEPT"
ipv4_nat_POSTROUTING="ACCEPT"

# mangle table. Presumably used only when "mangle" is selected in ipv4_TABLES - confirm.
ipv4_mangle_OUTPUT="ACCEPT"
ipv4_mangle_PREROUTING="ACCEPT"

# NOTE(review): "drop" is not one of the tables named earlier in this file
# (filter, nat, mangle); presumably DROPPING is a chain defined by the firewall
# script - confirm what this setting controls.
ipv4_drop_DROPPING="DROP"

# IPv6:
# Same policy layout as the IPv4 filter and mangle settings: INPUT and OUTPUT
# default-allow, FORWARD default-deny. There are no ipv6_nat_* entries.
# NOTE(review): ipv6_TABLES is empty in this file, so these policies are
# presumably not applied as shipped - confirm. If IPv6 filtering is enabled,
# the INPUT policy of ACCEPT leaves services reachable over IPv6 unless a rule
# blocks them.
ipv6_filter_INPUT="ACCEPT"
ipv6_filter_OUTPUT="ACCEPT"
ipv6_filter_FORWARD="DROP"

# mangle table for IPv6.
ipv6_mangle_OUTPUT="ACCEPT"
ipv6_mangle_PREROUTING="ACCEPT"
