当前位置: 技术问答>linux和unix
请教tdifw-1.4.4配置方法,网上无找不到。
来源: 互联网 发布时间:2016-03-06
本文导语: 下面为tdifw.conf文件内容: ; ; Here's TdiFw sample configuration file ; ; It looks like similiar ini-file: sections, names and values ; and comments after ';' at the begining of line ; ; --- config file signature: don't change it --- [_signatur...
下面为tdifw.conf文件内容:
;
; Here's TdiFw sample configuration file
;
; It looks like similiar ini-file: sections, names and values
; and comments after ';' at the begining of line
;
; --- config file signature: don't change it ---
[_signature_]
_signature_=$tdi_fw$
; --- basic config parameters ---
[_config_]
; write ALLOW events to event log:
; 0 - don't write, write them to text log file
; 1 - write to event log
eventlog_allow=0
; write DENY events to event log
eventlog_deny=0
; write ERROR events to event log
eventlog_error=0
; wave file to play on DENY IN LOG
;wave_deny_in=D:WINNTMediadeny_in.wav
; wave file to play on DENY OUT LOG
;wave_deny_out=D:WINNTMediadeny_out.wav
; --- Rulesets ---
;
; Default ruleset (must be in first line):
;
; _default_=section_1 section_2 ... section_n
;
; rules are in sections (for example [section_n]) in this file
; in order from first to last
;
; Process-related ruleset:
;
; = ...
;
; process-related rules (don't related with default). Example:
;
; c:winntsystem32telnet.exe=allow_all
;
; Note1: max number of rulesets is 128
; (for details see MAX_CHAINS_COUNT in ipc.h)
; Note2: process name can contain environment variables for example
; %SystemRoot%
[_main_]
_default_=custom localnet localhost
%SystemRoot%system32telnet.exe=allow_all
; --- User rights ---
;
; You can assign what sections are allowed for users.
;
; _default_=*
;
; all sections are allowed for specified users. Or:
;
; _default_=section_1 section_2 ... section_n
;
; (_default_ must be in first line)
;
; =*
; =section_1 section_2 ... section_n
;
; You can specify instead of
;
; Example:
;
; vasya=localhost
;
; For user "vasya" allow access to localhost only.
;
; Process-related rulesets & user rights together make 2-dimensional
; array. Each entry in array contains section (with rules). You may
; say section is an "role".
;
; Example:
; | User-1 | User-2 | User-3 | Others (default)
; ----------+--------+--------+--------+-------------------
; Process-1 | A | A | | A
; Process-2 | B | | A | B
; Process-3 | C | | B |
; Other proc| A B | B C D| C D| A B C D
;
[_users_]
_default_=*
NT AUTHORITYSYSTEM=*
; --- Host names resolution ---
;
; =
; =/mask
;
; Then use names instead of addresses in rules.
;
[_hosts_]
ANY=0.0.0.0/0
; SELF is ANY equialent meaning this host
SELF=0.0.0.0/0
; change it to yours
LOCALNET=192.168.0.0/24
; addresses (add your own ones)
localhost=127.0.0.1
DNS_SERVER=127.0.0.1
;
; []
;
; is rule section (ruleset) with ALLOW or DENY rules
;
; Format of rule:
;
; [:] ALLOW|DENY TCP|UDP|RawIP|* IN|OUT|* FROM TO [NOLOG|COUNT]
;
; - name of the rule (will appear in logs or section name if you don't
; specify ) 32 characters maximum
;
; ALLOW or DENY - type of rule: allow or deny datagram or connection
;
; TCP, UDP, RawIP or * - protocol (RawIP is using of raw sockets,
; "*" - any protocol)
;
; IN, OUT or * - direction for datagram or connection ("*" - IN/OUT)
; NOTE: for "*" FROM address is _local_ side
;
;
; NOLOG - don't log using of this rule
; COUNT - count bytes of traffic for datagram/connections
;
; - [/][:[-]
;
; - IP address or host name (see [_hosts_])
; - network mask (from 0 to 32)
; - port number (from 0 to 65535)
; - define port range from to
;
; Examples:
;
; ALLOW TCP OUT FROM SELF TO ANY:135 NOLOG
; ALLOW UDP IN FROM LOCALNET:135 TO SELF:1024-4096
;
; If no rule's found: DENY and LOG by default
[custom]
; allow external networks activity you're using:
; www proxy
; smtp server
; pop3/imap4 server
; dns server
proxy: ALLOW TCP OUT FROM SELF TO 192.168.0.254:8080
smtp: ALLOW TCP OUT FROM SELF TO 192.168.0.254:25
; etc.
dns: ALLOW UDP * FROM SELF TO DNS_SERVER:53
[localnet]
; allow and log all localnet activity
tcp-localnet: ALLOW TCP * FROM SELF TO LOCALNET
; It may be useful: don't log NetBT UDP packets
ALLOW UDP * FROM SELF:137-138 TO LOCALNET:137-138 NOLOG
udp-localnet: ALLOW UDP * FROM SELF TO LOCALNET
ALLOW RawIP * FROM SELF TO LOCALNET NOLOG
; allow broadcasts
broadcast: ALLOW UDP OUT FROM SELF TO 255.255.255.255
[localhost]
; allow and don't log localhost activity
ALLOW * * FROM SELF TO localhost NOLOG
[allow_all]
; do you really want to use this rules section?
any: ALLOW * * FROM SELF TO ANY
;
; Here's TdiFw sample configuration file
;
; It looks like similiar ini-file: sections, names and values
; and comments after ';' at the begining of line
;
; --- config file signature: don't change it ---
[_signature_]
_signature_=$tdi_fw$
; --- basic config parameters ---
[_config_]
; write ALLOW events to event log:
; 0 - don't write, write them to text log file
; 1 - write to event log
eventlog_allow=0
; write DENY events to event log
eventlog_deny=0
; write ERROR events to event log
eventlog_error=0
; wave file to play on DENY IN LOG
;wave_deny_in=D:WINNTMediadeny_in.wav
; wave file to play on DENY OUT LOG
;wave_deny_out=D:WINNTMediadeny_out.wav
; --- Rulesets ---
;
; Default ruleset (must be in first line):
;
; _default_=section_1 section_2 ... section_n
;
; rules are in sections (for example [section_n]) in this file
; in order from first to last
;
; Process-related ruleset:
;
; = ...
;
; process-related rules (don't related with default). Example:
;
; c:winntsystem32telnet.exe=allow_all
;
; Note1: max number of rulesets is 128
; (for details see MAX_CHAINS_COUNT in ipc.h)
; Note2: process name can contain environment variables for example
; %SystemRoot%
[_main_]
_default_=custom localnet localhost
%SystemRoot%system32telnet.exe=allow_all
; --- User rights ---
;
; You can assign what sections are allowed for users.
;
; _default_=*
;
; all sections are allowed for specified users. Or:
;
; _default_=section_1 section_2 ... section_n
;
; (_default_ must be in first line)
;
; =*
; =section_1 section_2 ... section_n
;
; You can specify instead of
;
; Example:
;
; vasya=localhost
;
; For user "vasya" allow access to localhost only.
;
; Process-related rulesets & user rights together make 2-dimensional
; array. Each entry in array contains section (with rules). You may
; say section is an "role".
;
; Example:
; | User-1 | User-2 | User-3 | Others (default)
; ----------+--------+--------+--------+-------------------
; Process-1 | A | A | | A
; Process-2 | B | | A | B
; Process-3 | C | | B |
; Other proc| A B | B C D| C D| A B C D
;
[_users_]
_default_=*
NT AUTHORITYSYSTEM=*
; --- Host names resolution ---
;
; =
; =/mask
;
; Then use names instead of addresses in rules.
;
[_hosts_]
ANY=0.0.0.0/0
; SELF is ANY equialent meaning this host
SELF=0.0.0.0/0
; change it to yours
LOCALNET=192.168.0.0/24
; addresses (add your own ones)
localhost=127.0.0.1
DNS_SERVER=127.0.0.1
;
; []
;
; is rule section (ruleset) with ALLOW or DENY rules
;
; Format of rule:
;
; [:] ALLOW|DENY TCP|UDP|RawIP|* IN|OUT|* FROM TO [NOLOG|COUNT]
;
; - name of the rule (will appear in logs or section name if you don't
; specify ) 32 characters maximum
;
; ALLOW or DENY - type of rule: allow or deny datagram or connection
;
; TCP, UDP, RawIP or * - protocol (RawIP is using of raw sockets,
; "*" - any protocol)
;
; IN, OUT or * - direction for datagram or connection ("*" - IN/OUT)
; NOTE: for "*" FROM address is _local_ side
;
;
; NOLOG - don't log using of this rule
; COUNT - count bytes of traffic for datagram/connections
;
; - [/][:[-]
;
; - IP address or host name (see [_hosts_])
; - network mask (from 0 to 32)
; - port number (from 0 to 65535)
; - define port range from to
;
; Examples:
;
; ALLOW TCP OUT FROM SELF TO ANY:135 NOLOG
; ALLOW UDP IN FROM LOCALNET:135 TO SELF:1024-4096
;
; If no rule's found: DENY and LOG by default
[custom]
; allow external networks activity you're using:
; www proxy
; smtp server
; pop3/imap4 server
; dns server
proxy: ALLOW TCP OUT FROM SELF TO 192.168.0.254:8080
smtp: ALLOW TCP OUT FROM SELF TO 192.168.0.254:25
; etc.
dns: ALLOW UDP * FROM SELF TO DNS_SERVER:53
[localnet]
; allow and log all localnet activity
tcp-localnet: ALLOW TCP * FROM SELF TO LOCALNET
; It may be useful: don't log NetBT UDP packets
ALLOW UDP * FROM SELF:137-138 TO LOCALNET:137-138 NOLOG
udp-localnet: ALLOW UDP * FROM SELF TO LOCALNET
ALLOW RawIP * FROM SELF TO LOCALNET NOLOG
; allow broadcasts
broadcast: ALLOW UDP OUT FROM SELF TO 255.255.255.255
[localhost]
; allow and don't log localhost activity
ALLOW * * FROM SELF TO localhost NOLOG
[allow_all]
; do you really want to use this rules section?
any: ALLOW * * FROM SELF TO ANY
|
arduous job.
|
这个是什么东东噢???
您可能感兴趣的文章:
本站(WWW.)旨在分享和传播互联网科技相关的资讯和技术,将尽最大努力为读者提供更好的信息聚合和浏览方式。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。