blob: c87c684f6ba532c0e00f0259716492c5b8aa4eb5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
# letmeind daemon configuration.
[GENERAL]
# This config section holds general options.
# Enable debugging.
# This will print verbose syslog messages while modifying the firewall.
#
# Possible values: true, false
debug = true
# The port that letmeind will listen on.
# This is the public internet facing port of the daemon.
#
# Possible values: Any valid TCP/IP port.
port = 5800
# Turn the Linux seccomp feature on.
#
# Possible values: off, log, kill
#
# off: Seccomp turned off.
# log: Seccomp turned off, but access of prohibited syscalls will be logged to syslog.
# kill: Seccomp turned on. Letmeind will be killed if prohibited syscalls are called.
seccomp = off
[NFTABLES]
# This config section holds the nftables firewall configuration.
# nftables chain that letmeinfwd will modity.
family = inet
table = filter
chain-input = LETMEIN-INPUT
# Timeout of installed knock-open rules.
# Knocked-open ports will be closed again this many seconds after the knocking.
timeout = 600
[KEYS]
# This config section holds the table of users with their corresponding keys.
#
# Use command to generate new keys:
# letmein gen-key
# User 00000001:
#00000001 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
# User 00000002:
#00000002 = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[RESOURCES]
# This config section holds the table of knock-able ports.
# Resource ID '1A' maps to port 2000:
#0000001A = port: 2000
# Resource ID '1B' maps to port 3500:
#0000001B = port: 3500
# A resource can be restricted to one or more users.
# Restricted to users 1 and 2:
#0000001C = port: 4500 / users: 00000001, 00000002
# Restricted to user 1:
#0000001D = port: 5500 / users: 00000001
|
