# letmeind daemon configuration. [GENERAL] # This config section holds general options. # Enable debugging. # This will print verbose syslog messages while modifying the firewall. # # Possible values: true, false debug = true # The control port that letmeind will listen on. # This is the public internet facing port of the daemon. # # Possible values: Any valid TCP/IP port. port = 5800 # Timeout (in seconds) for receiving and sending messages on the control port. # If the timeout is exceeded, the TCP connection will be aborted. # # Possible values: A positive number of seconds. control-timeout = 5.0 # Control port error policy. # # If the policy is set to 'always', then error messages will always # be transmitted to the connected client. # If the policy is set to 'basic-auth', then error messages are suppressed # unless the connected client has passed basic authentication. # If the policy is set to 'full-auth', then error messages are suppressed # unless the connected client has passed full authentication. # # Possible values: always, basic-auth, full-auth # The recommended value is: basic-auth # The default value is: always control-error-policy = always # Turn the Linux seccomp feature on. # # Possible values: off, log, kill # # off: Seccomp turned off. # log: Seccomp turned off, but access of prohibited syscalls will be logged to syslog. # kill: Seccomp turned on. Letmeind will be killed if prohibited syscalls are called. seccomp = off [NFTABLES] # This config section holds the nftables firewall configuration. # nftables chain that letmeinfwd will modity. family = inet table = filter chain-input = LETMEIN-INPUT # Timeout of installed knock-open rules. # Knocked-open ports will be closed again this many seconds after the knocking. timeout = 600 [KEYS] # This config section holds the table of users with their corresponding keys. # # Use command to generate new keys: # letmein gen-key # User 00000001: #00000001 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF # User 00000002: #00000002 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [RESOURCES] # This config section holds the table of knock-able ports. # Resource ID '1A' maps to TCP port 2000: #0000001A = port: 2000 # Resource ID '1B' maps to TCP port 3500: #0000001B = port: 3500 # A resource can be restricted to one or more users. # Restricted to users 1 and 2: #0000001C = port: 4500 / users: 00000001, 00000002 # Restricted to user 1: #0000001D = port: 5500 / users: 00000001 # Open port 6500 for TCP and UDP. #0000001E = port: 6500 / tcp,udp