# this file maintained using arch at http://arch.gna.org/uruk/
# Sample Uruk rc file

# Copyright (C) 2003 Stichting LogReport Foundation logreport@logreport.org
# Copyright (C) 2003, 2004 Tilburg University http://www.uvt.nl/
# Copyright (C) 2003, 2004, 2005 Joost van Baal
#
# This file is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU GPL for more details.
#
# You should have received a copy of the GNU GPL along with this file, see
# e.g. the file named COPYING.  If not, see <http://www.gnu.org/licenses/>.

# Uruk version compatibility of this rc file
version=20071030

# Log denied packets, which are targetted at one of our IPs.  Do not log
# blocked broadcasts.
loglevel=30

# List of network interfaces.  lo should not be in this list (see below). For
# every interface <if>, variables ip_<if>, bcast_<if> and net_<if> should be
# defined.
interfaces="eth0 eth1"

# List of network interfaces we want uruk to leave alone: all traffic on these
# interfaces will be trusted and accepted.  By default, interfaces_unprotect=lo
#
interfaces_unprotect="lo sit0 eth3"

# For each interface <if> in interfaces, ip_<if> and net_<if> should be
# defined
ip_eth0=10.56.0.201
# If you have enabled IPv6 support, supply IPv6 addresses like this:
# ip6_eth0=2006:488:1a9b:0:4a54:e8ff:fe2b:f25c
ip_eth1=192.168.0.4

# To which network does this interface belong?  Should be one of
# 0.0.0.0/0 (aka 0/0) 10.0.0.0/8 (aka 10./8) 172.16.0.0/12 (aka 172.16./12)
# 192.168.0.0/16 (aka 192.168./16) . Used to decide wether a
# packet for this interface is spoofed, and therefore should get dropped.
net_eth0=0/0          # FIXME only allow full names here?
net_eth1=192.168./16

# Subset of interfaces, which should drop broadcast and multicast packets
interfaces_nocast="eth0"

# For each interface <if> in interfaces_nocast, bcast_<if> should be defined
bcast_eth0=10.56.255.255


# You can define any shell variable, and reference it later on
localnet="10.56./16"
all=0/0

# For each interface, and for both tcp and udp, symbolic names of (sets of)
# services could be defined, in variables services_<if>_{tcp,udp}.
services_eth0_tcp="mail local public"

# For every servicesetname <s>, every interface <if>, and tcp and/or udp, a
# list of allowed source addresses should be defined in a variable
# sources_<if>_{tcp,udp}_<s> .  Furthermore a list of ports should be defined
# in a variable ports_<if>_{tcp,udp}_<s> .

# A valid source is 192.168.6.26, another valid source is 192.168.6./24.
# One can add DNS domainnames like gandalf.example.com too: iptables will
# perform a DNS lookup
sources_eth0_tcp_mail="10./24 10.56.38./24 192.168.6.26" # FIXME: does iptables
                                                         # know how to parse this?
sources_eth0_tcp_local="$localnet gandalf.example.com"
sources_eth0_tcp_public=$all
# If you have enabled IPv6 support, supply IPv6 addresses like this:
# sources6_eth0_tcp_public="0000:0000:0000:0000:0000:0000:0000:0000/0" # (aka ::/0)

# Symbolic port names are fine.
ports_eth0_tcp_mail=smtp
ports_eth0_tcp_local="ssh ftp"
ports_eth0_tcp_public="www"


services_eth0_udp="syslog local"

sources_eth0_udp_syslog="10.56.0.10/32"
sources_eth0_udp_local=$localnet

ports_eth0_udp_syslog="syslog"
# Port ranges are allowed too
ports_eth0_udp_local="ntp 605:608 853:876"