# letmeind daemon configuration.

[GENERAL]
# This config section holds general options.

# Enable debugging.
# This will print verbose syslog messages while modifying the firewall.
#
# Possible values: true, false
debug = true

# The port that letmeind will listen on.
# This is the public internet facing port of the daemon.
#
# Possible values: Any valid TCP/IP port.
port = 5800

# Turn the Linux seccomp feature on.
#
# Possible values: off, log, kill
#
# off: Seccomp turned off.
# log: Seccomp turned off, but access of prohibited syscalls will be logged to syslog.
# kill: Seccomp turned on. Letmeind will be killed if prohibited syscalls are called.
seccomp = off



[NFTABLES]
# This config section holds the nftables firewall configuration.

# nftables chain that letmeinfwd will modity.
family = inet
table = filter
chain-input = LETMEIN-INPUT

# Timeout of installed knock-open rules.
# Knocked-open ports will be closed again this many seconds after the knocking.
timeout = 600



[KEYS]
# This config section holds the table of users with their corresponding keys.
#
# Use command to generate new keys:
#  letmein gen-key

# User 00000001:
#00000001 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

# User 00000002:
#00000002 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF



[RESOURCES]
# This config section holds the table of knock-able ports.

# Resource ID '1A' maps to port 2000:
#0000001A = port: 2000

# Resource ID '1B' maps to port 3500:
#0000001B = port: 3500

# A resource can be restricted to one or more users.
# Restricted to users 1 and 2:
#0000001C = port: 4500 / users: 00000001, 00000002
# Restricted to user 1:
#0000001D = port: 5500 / users: 00000001