Testing mode - TESTING
Enable firewall testing mode. This option will enable a CRON job that will clear iptables when you start the firewall.
This should be enabled until you are sure that the firewall works. The login failure daemon will not start while this is
enabled. Make sure to disable this option and restart the firewall after everything is configured correctly.
Default: 1 Range: 0-1
Testing interval - TESTING_INTERVAL
The testing interval in minutes when the CRON job will clear iptables. This option uses the servers system clock so the
CRON job will run past the hour and not from when you issue the firewall start command.
Default: 5 Range: 1-60
Restrict UI - RESTRICT_UI
Restricts the ability to modify some firewall settings from within the user interface. If the panel interface was
compromised these restricted options could be used to further compromise the server.
Default: 0
Restrict syslog - RESTRICT_SYSLOG
Syslog and rsyslog are vulnerable to spoofing (they allow end-users to log messages to some system logs via the same
unix socket that other local services use). This option can disable all LFD features that rely on syslog and rsyslog
logs.
Default: 2 Range: 0-3
Restrict syslog group - RESTRICT_SYSLOG_GROUP
This setting is used if RESTRICT_SYSLOG is set to "Restrict syslog/rsyslog access to RESTRICT_SYSLOG_GROUP". It
restricts write access to the syslog/rsyslog unix socket(s). The group must not already exist in /etc/groups before
setting RESTRICT_SYSLOG to 3, so set the option to a unique name for the server. Using this option will prevent some
legitimate logging, e.g. end-user cronjob logs.
Default: mysyslog
Auto updates - AUTO_UPDATES
Enable firewall auto updates. This option adds a daily CRON job that will update the firewall and login failure daemon
automatically if an update is available.
Default: 1 Range: 0-1