## Sentry Firewall CD-ROM 1.x Configuration File
## Sample "sentry.conf" configuration file.
## Questions/Comments: Obsid@Sentry.net
## I have tried to give a brief description of the setup here, please
## see the documentation at http://www.SentryFirewall.com/ for more
## details.
## All configuration directives are case sensitive. Anything after a '#'
## sign is considered a comment.
##-----------------------------------------------------------------------##
## Networking Support
## 'device' Directive Syntax:
## device[1..10] = [device_name]:[driver_name]:[IP_Address]<|gateway>
## device[1..10] = [device_name]:[driver_name]:dhcp<|hostname>
##
## NOTES: 1) <gateway> and <hostname> are optional, but sometimes required.
##
##        2) Only one <gateway> can be declared, that is, you cannot set
##           up more than one default gateway.
##
##       *3) Devices set up with the 'device[1..10]' directive are TEMPORARY
##           and are taken down after the configuration process is complete.
##           See rc.inet1{.conf} for more permanent network setup.
##
##        4) Please see file: /SENTRY/scripts/cd-config/networking.pl for a
##           list of supported devices. Most 10/100BaseT ethernet devices
##           should be supported.
## 'nameserver' Directive Syntax:
## nameserver = <IP_Address>
## Examples:
# device1 = eth0:tulip:192.168.1.50|192.168.1.1
# device2 = eth1:via-rhine:dhcp
# nameserver = 192.168.1.10
## NOTES: 1) With network devices set up, the following configuration
##           syntax is supported (examples):
##           fstab = http://192.168.1.1/config1/fstab
##           fstab = https://192.168.1.1/config1/fstab
##           fstab = ftp://192.168.1.1/config1/fstab
##           fstab = sftp://192.168.1.1/config1/fstab
##           fstab = scp://192.168.1.1/config1/fstab
##
##        2) The username and password fields are required when retrieving files
##           via scp or sftp. Empty passwords are not permitted.
## More networking options:
## Proxy Support
# http_proxy = http://<host>:<port>/
# ftp_proxy = http://<host>:<port>/
# proxy-user = <username>
# proxy-passwd = <password>
## Passive FTP Support
# passive-ftp = <on|off>      ## Default == off
##-----------------------------------------------------------------------##
## Include directives.
## include = /floppy/config1/sentry.conf
## Or with network support:
## include = ftp://user:pass@192.168.1.1/config/sentry.conf
##-----------------------------------------------------------------------##
## Path Statements -- New for 1.5.0-rc13!
## Path statements tell the configuration scripts where to look for
## files. These can specify a path on a local or remote system. The
## variables "path1" to "path10" are allowed.
## Syntax:
## path<#> = <local_directory>
## path<#> = <URL>
## NOTE: <URL> should point to a directory on a remote system,
##       NOT just a file.
## Examples:
## path1 = /floppy/node1/config/
## path2 = scp://user:pass@someserver/node123/config/
## path3 = http://user:pass@someserver/node123-backup/config/
## etc etc...
## You may then use the following syntax when declaring a file below:
## squid.conf = squid.conf
## or
## /etc/someconf.conf = someconf.conf
## The configuration scripts will first look for "squid.conf" or
## "someconf.conf" in $m_point, which is usually /floppy. If it
## isn't found, then the system will try path1..path10 in order
## until "squid.conf" or "someconf.conf" is found. This not only
## makes for less typing when creating your sentry.conf, but it also
## allows you to add some redundancy to the configuration process.
##-----------------------------------------------------------------------##
## Make a Directory -- New for 1.5.0-rc14!
## Make a directory in the specified location with the specified
## permissions (MASK). MASK is optional and defaults to 0755 (rwxr-xr-x).
## This directive can be useful if you want to copy files at boot-time
## to a directory that does not exist on the ramdisk by default.
## Syntax:
## mkdir <path>[:MASK]
##-----------------------------------------------------------------------##
## /etc/rc.d boot scripts.
# rc.M =
# rc.6 =
# rc.dhcpd =
# rc.netdevice = /floppy/config1/rc.netdevice
# rc.inet1 =
# rc.inet1.conf = /floppy/config1/rc.inet1.conf
# rc.inet2 =
# rc.inet2.conf =
# rc.keymap =
# rc.local =
# rc.modules =
# rc.ntpd =
# rc.firewall =
# rc.firewall.nat =
# rc.firewall.save =     ## Use if firewall was dumped to disk using iptables-save.
# rc.sendmail =
# rc.snort =
##-----------------------------------------------------------------------##
## Common system and configuration files.
# fstab = /floppy/config1/fstab
# ftpusers =
# group =
# hostname =
# hosts = /floppy/config1/hosts
# hosts.allow =
# hosts.deny =
# hosts.equiv =
# inittab =
# issue =
# issue.net =
# modules.conf =
# motd =
# openssl.cnf =
# passwd =
# profile =
# resolv.conf = /floppy/config1/resolv.conf
# shadow = /floppy/config1/shadow
# shells =
##-----------------------------------------------------------------------##
## Common daemon configuration files
# chap-secrets =
# bgpd.conf =
# dhcpd.conf =
# dnsmasq.conf =
# ftp-proxy.conf =
# gated.conf =
# httpd.conf =
# inetd.conf =
# ipsec.conf =
# ipsec.secrets =
# knockclient.conf =
# knockdaemon.conf =
# l2tpd.conf =
# named.conf =
# newsyslog.conf =
# options =
# options.l2tpd =
# options.pptpd =
# ospfd.conf =
# portsentry.conf =
# pppoe.conf =
# pptpd.conf =
# proftpd.conf =
# ntp.conf =
# rinetd.conf =
# ripd.conf =
# rndc.conf =
# sendmail.cf =
# smb.conf =
# snort.conf =
# squid.conf =
# ss5.conf =
# ss5.passwd =
# stunnel.conf =
# stunnel.pem =
# syslog.conf =
# syslog-ng.conf =
# ulogd.conf =
# vsftpd.conf =
# wlan.conf =
# zebra.conf =
##-----------------------------------------------------------------------##
## /etc/ssh configuration files and host keys.
## If no host keys are specified rc.sshd creates them at
## boot time. No default host keys are present on the rootdisk,
## for obvious reasons.
# ssh_config =
# sshd_config =
# shosts.equiv =
# ssh_host_key =
# ssh_host_key.pub =
# ssh_host_dsa_key =
# ssh_host_dsa_key.pub =
# ssh_host_rsa_key =
# ssh_host_rsa_key.pub =
# ssh_known_hosts =
# ssh_known_hosts2 =
##-----------------------------------------------------------------------##
## CDROM device where the Sentry Firewall CD is located. If not declared
## the configuration scripts will still try to probe for and mount the CD.
## But declaring this is much easier/faster/safer.
# cdrom = /dev/hdc
##-----------------------------------------------------------------------##
## Webmin Configuration.
# start_webmin = disable   ## enable|disable webmin. Default == disable.
# webmin_config =          ## Main webmin config (/etc/webmin/config).
# miniserv.conf =          ## Config file for webmin http(s) daemon.
# miniserv.pem =           ## SSL cert for webmin http(s) daemon.
##                            An SSL cert will be created by rc.webmin if
##                            one is not specified.
# miniserv.users =         ## Password file used for webmin.
##                            Default user:pass is sentry:SENTRY.
##                            NOTE: If this file is not replaced webmin
##                            will NOT start.
##-----------------------------------------------------------------------##
## Other Configuration Directives.
## Add a swap partition at configuration time. If the ":format" option
## is appended to the variable, then the configuration scripts will
## also format the partition before activating it.
## Warning: An improper setting of this variable could cause serious damage
##          to data.
## Examples:
# add_swap = /dev/hda1
# add_swap = /dev/hda1:format
## Change size of root (/). By default the root filesystem is around 18MB
## in size. This option allows you to change the size of the root
## filesystem if you need more/less space. Also, since root is mounted on
## a tmpfs filesystem, this area can be swapped out as needed. The suffix
## k, m, or g is accepted for binary kilo, mega and giga. If no suffix
## is added, a size in megabytes is presumed.
## Example:
# root_size = 18M
## Replace user's crontab file (/var/spool/cron/crontabs/).
## Syntax: cron:<user> = <file>
# Example:
# cron:root = /floppy/config/crontab_file
## Make symlink called /etc/daemon.conf that points to /root/daemon.conf
## Syntax: dest_file => source_file (file symlink points to)
## Examples:
# /etc/daemon.conf => /root/daemon.conf
## Set Timezone (GMT is the default)
# /etc/localtime => /usr/share/zoneinfo/GMT
## Copy file /floppy/daemon.conf to /etc/daemon.conf
## Syntax: source_file |= dest_file
# Example:
# /floppy/daemon.conf |= /etc/daemon.conf
# OR
# /etc/daemon.conf = /floppy/daemon.conf
# This is also possible (with a device set up, see above):
# /etc/daemon.conf = ftp://user:pass@<host>/config/daemon.conf
# OR
# scp://user:pass@<host>/config/daemon.conf |= /etc/daemon.conf
## _EOF_ ##
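An added, hypothetical parser for the directive forms documented above (the path statements, mkdir, cron, symlink and copy syntax); it is example code, not the Sentry Firewall CD's own configuration scripts. It implements the $m_point then path1..path10 lookup order from the Path Statements notes and masks the user:pass@ credentials that scp://, sftp:// and ftp:// sources carry before they are logged; the `exists` predicate and the sample config are constructed stand-ins for the real local/remote fetch.

```python
import re
# Added, hypothetical parser for the directive forms documented in this file
# (not part of the Sentry Firewall CD scripts): mkdir <path>[:MASK],
# dest => source (symlink), source |= dest (copy), key = value (assign/copy).
def parse_directive(line):
    line = line.split("#", 1)[0].strip()            # '#' starts a comment
    if not line:
        return None
    if line.startswith("mkdir "):
        path, _, mask = line[6:].strip().partition(":")
        return ("mkdir", path, mask or "0755")      # default MASK per the notes
    for sep, kind in ((" => ", "symlink"), (" |= ", "copy"), ("=", "assign")):
        if sep in line:
            left, right = (s.strip() for s in line.split(sep, 1))
            if kind == "copy":                      # normalise to (dest, source)
                left, right = right, left
            return (kind, left, right)
    raise ValueError("unrecognised directive: " + line)

def redact(value):
    """Mask user:pass@ in scp/sftp/ftp/http sources before logging them."""
    return re.sub(r"://[^/@]+@", "://***@", value)

def load(text):
    """Split a sentry.conf body into (directives, path1..path10 statements)."""
    directives, paths = [], {}
    for d in filter(None, map(parse_directive, text.splitlines())):
        if d[0] == "assign" and re.fullmatch(r"path(10|[1-9])", d[1]):
            paths[d[1]] = d[2]
        else:
            directives.append(d)
    return directives, paths

def resolve(name, paths, exists, m_point="/floppy"):
    """Lookup order from the 'Path Statements' notes: $m_point first, then
    path1..path10 in numeric order. `exists` stands in for the real fetch."""
    if name.startswith("/") or "://" in name:       # explicit path or URL
        return name
    bases = [m_point] + [paths[k] for k in sorted(paths, key=lambda k: int(k[4:]))]
    for candidate in (b.rstrip("/") + "/" + name for b in bases):
        if exists(candidate):
            return candidate                        # falls through to None otherwise
SAMPLE = """\
device1 = eth0:tulip:192.168.1.50|192.168.1.1   # constructed sample input
path10 = http://backup/config/
path2 = scp://user:pass@someserver/node123/config/
mkdir /etc/squid:0750
squid.conf = squid.conf
/floppy/daemon.conf |= /etc/daemon.conf
"""
```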