##----------------------------------------------------------------------------- ## ipv6.txt - fli4l configuration parameters __FLI4LVER__ ## ## You can edit/change this file with any text editor. ## ## P L E A S E R E A D T H E D O C U M E N T A T I O N , ## S E E R E A D M E . T X T ## ## B I T T E U N B E D I N G T D I E D O K U M E N T A T I O N ## L E S E N , S I E H E R E A D M E . T X T ## ## Creation: Christoph Schulz ## Last Update: $Id$ ## ## Copyright (c) 2001-2011 - Frank Meyer, fli4l-Team - team@fli4l.de ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by ## the Free Software Foundation; either version 2 of the License, or ## (at your option) any later version. ##----------------------------------------------------------------------------- #------------------------------------------------------------------------------ # IPv6 general settings #------------------------------------------------------------------------------ OPT_IPV6='no' # set to 'yes' to activate IPv6 support #HOSTNAME_IP6='IPV6_NET_1_IPADDR' # optional, can be used to set the router's # IPv6 address to some address; if left # commented out, this setting is taken from # the first configured IPv6 subnet (see # below) #------------------------------------------------------------------------------ # IPv6 networks #------------------------------------------------------------------------------ IPV6_NET_N='0' # number of IPv6 subnets to configure; # at least one subnet is necessary to # create a local IPv6 network! IPV6_NET_1='2001:db8:13bc::1/64' # first subnet's router address and mask; # note that the net mask must be equal to # 64 if you want to use stateless IPv6 # autoconfiguration (see below) IPV6_NET_1_DEV='eth0' # interface this subnet is bound to IPV6_NET_1_ADVERTISE='yes' # should the subnet prefix be advertised # automatically via RA in order to enable # stateless autoconfiguration? IPV6_NET_1_ADVERTISE_DNS='no' # should the DNS service be advertised # within this subnet via RA? IPV6_NET_1_DHCP='no' # set to 'yes' if you want domain and DNS # server information to be available via # DHCPv6 for hosts in this subnet #------------------------------------------------------------------------------ # IPv6 tunnels #------------------------------------------------------------------------------ IPV6_TUNNEL_N='0' # number of tunnels to set up IPV6_TUNNEL_1_LOCALV4='dynamic' # IPv4 address of the local # tunnel endpoint IPV6_TUNNEL_1_REMOTEV4='203.0.113.188' # IPv4 address of the remote # tunnel endpoint IPV6_TUNNEL_1_LOCALV6='2001:db8:900:530::2/64' # IPv6 address of the local # tunnel endpoint IPV6_TUNNEL_1_TYPE='sixxs-heartbeat' # tunnel type (see documentation) #IPV6_TUNNEL_1_DEV='6in4' # (optional) name of the inter- # face to create for this tunnel #IPV6_TUNNEL_1_MTU='1280' # (optional) MTU size in bytes # for this tunnel IPV6_TUNNEL_1_SIXXS_USERNAME='ABCDE-SIXXS' # user name for TIC login IPV6_TUNNEL_1_SIXXS_PASSWORD='pass' # password for TIC login IPV6_TUNNEL_1_SIXXS_ID='T1234' # tunnel ID #------------------------------------------------------------------------------ # IPv6 routes #------------------------------------------------------------------------------ IPV6_ROUTE_N='0' # number of routes IPV6_ROUTE_1='::/0 2001:db8:900:530::1' # first route (the default one); # should route to the remote # tunnel endpoint if a tunnel is # used #------------------------------------------------------------------------------ # IPv6 multicasting #------------------------------------------------------------------------------ IPV6_MULTICAST='no' # enable multicasting via ecmh tool #------------------------------------------------------------------------------ # Packet filter configuration #------------------------------------------------------------------------------ PF6_INPUT_POLICY='REJECT' # be nice and use reject as policy PF6_INPUT_ACCEPT_DEF='yes' # use default rule set PF6_INPUT_LOG='no' # don't log anything PF6_INPUT_LOG_LIMIT='3/minute:5' # log 3 events per minute; allow a # burst of 5 events PF6_INPUT_REJ_LIMIT='1/second:5' # reject 1 connection per second; allow # a burst of 5 events; otherwise # drop packet PF6_INPUT_UDP_REJ_LIMIT='1/second:5' # reject 1 udp packet per second; allow # a burst of 5 events; otherwise drop # packet PF6_INPUT_N='2' # number of INPUT rules PF6_INPUT_1='[fe80::0]/10 ACCEPT' # allow all hosts in the local # network access to the router PF6_INPUT_2='IPV6_NET_1 ACCEPT' # allow all hosts in the first subnet # access to the router PF6_INPUT_3='tmpl:samba DROP NOLOG' # drop (or reject) samba access PF6_INPUT_3_COMMENT='no samba traffic allowed' # without logging, otherwise # the log file will be filled # with useless entries PF6_FORWARD_POLICY='REJECT' # be nice and use reject as policy PF6_FORWARD_ACCEPT_DEF='yes' # use default rule set PF6_FORWARD_LOG='no' # don't log anything PF6_FORWARD_LOG_LIMIT='3/minute:5' # log 3 events per minute; allow a # burst of 5 events PF6_FORWARD_REJ_LIMIT='1/second:5' # reject 1 connection per second; allow # a burst of 5 events; otherwise # drop packet PF6_FORWARD_UDP_REJ_LIMIT='1/second:5' # reject 1 udp packet per second; # allow a burst of 5 events; # otherwise drop packet PF6_FORWARD_N='2' # number of FORWARD rules PF6_FORWARD_1='tmpl:samba DROP' # drop samba traffic if it tries # to leave the subnet PF6_FORWARD_2='IPV6_NET_1 ACCEPT' # accept everything else PF6_USR_CHAIN_N='0' # number of user-defined tables