- Added several variables that exist in snort signatures such as

SMTP_SERVERS, SHELLCODE_PORTS, etc. - The ____SERVERS variables default to the internal interface on the firewall (similar to the snort defaults of "$HOME_NET"). git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@27 af5c991a-1414-0410-86ad-c3437102cd4a
mrash · Mar 25, 2003 · cce2f9d · cce2f9d
1 parent 3a126c5
commit cce2f9d
Showing 1 changed file with 30 additions and 12 deletions.
diff --git a/fwsnort.conf b/fwsnort.conf
@@ -1,7 +1,8 @@
 #
 ###########################################################################
 #
-#  This is the configuration file for fwsnort.
+#  This is the configuration file for fwsnort.  It is very similar to the
+#  configuration file for snort.
 #
 ###########################################################################
 #
@@ -10,7 +11,7 @@
 
 ### Define the number of interfaces on the machine (1, 2, or 3).
 ### For now the maximum is 3.
-NUM_INTERFACES  _CHANGEME_;
+NUM_INTERFACES      _CHANGEME_;
 
 ### Define the interfaces on the iptables machine.  NOTE:
 ### if there is only one interface, then comment out the
@@ -19,19 +20,36 @@ NUM_INTERFACES  _CHANGEME_;
 ### the network interface names of the internal and external
 ### interfaces as reported under ifconfig (e.g. "eth1" and
 ### "eth0").  If there are more than two interfaces, then
-### uncomment the "INTERNAL_DMZ" line.   fwsnort supports
-### up to three interfaces for now.
-INTERNAL_INTF   _CHANGEME_;
-#INTERNAL_DMZ     _CHANGEME_;
-EXTERNAL_INTF   _CHANGEME_;
+### uncomment the "DMZ_INTF" line.   fwsnort supports
+### up to three interfaces (for now).
 
+EXTERNAL_INTF       _CHANGEME_;    ### e.g. "eth0"
+INTERNAL_INTF       _CHANGEME_;    ### e.g. "eth1"
+#DMZ_INTF            _CHANGEME_;   ### e.g. "eth2"
 
-### Webserver config
-HTTP_PORTS      80;
 
-### If you are not running any webservers then just comment
-### out this next line.
-HTTP_SERVERS    _CHANGEME_;
+### By default the SERVER variables are linked to the
+### internal interface on the firewall, but can contain a
+### comma separated list of ip addresses or networks.
+### IMPORTANT:  If you are running iptables on an ordinary
+### host without multiple network interfaces, then you
+### will need to point the following variables to
+### "$EXTERNAL_INTF".  For example:
+### HTTP_SERVERS    $EXTERNAL_INTF;
+
+HTTP_SERVERS        $INTERNAL_INTF;
+SMTP_SERVERS        $INTERNAL_INTF;
+DNS_SERVERS         $INTERNAL_INTF;
+SQL_SERVERS         $INTERNAL_INTF;
+TELNET_SERVERS      $INTERNAL_INTF;
+
+### AOL AIM server nets
+AIM_SERVERS         64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24
+
+### Configurable port numbers
+HTTP_PORTS          80;
+SHELLCODE_PORTS     !80;
+ORACLE_PORTS        1521;
 
 ### system binaries
 shCmd           /bin/sh;