19a0061b6Sopenharmony_ci# Load additional iptables modules (nat helpers)
29a0061b6Sopenharmony_ci#   Default: -none-
39a0061b6Sopenharmony_ci# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
49a0061b6Sopenharmony_ci# are loaded after the firewall rules are applied. Options for the helpers are
59a0061b6Sopenharmony_ci# stored in /etc/modprobe.conf.
69a0061b6Sopenharmony_ciIPTABLES_MODULES=""
79a0061b6Sopenharmony_ci
89a0061b6Sopenharmony_ci# Save current firewall rules on stop.
99a0061b6Sopenharmony_ci#   Value: yes|no,  default: no
109a0061b6Sopenharmony_ci# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
119a0061b6Sopenharmony_ci# (e.g. on system shutdown).
129a0061b6Sopenharmony_ciIPTABLES_SAVE_ON_STOP="no"
139a0061b6Sopenharmony_ci
149a0061b6Sopenharmony_ci# Save current firewall rules on restart.
159a0061b6Sopenharmony_ci#   Value: yes|no,  default: no
169a0061b6Sopenharmony_ci# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
179a0061b6Sopenharmony_ci# restarted.
189a0061b6Sopenharmony_ciIPTABLES_SAVE_ON_RESTART="no"
199a0061b6Sopenharmony_ci
209a0061b6Sopenharmony_ci# Save (and restore) rule and chain counter.
219a0061b6Sopenharmony_ci#   Value: yes|no,  default: no
229a0061b6Sopenharmony_ci# Save counters for rules and chains to /etc/sysconfig/iptables if
239a0061b6Sopenharmony_ci# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
249a0061b6Sopenharmony_ci# SAVE_ON_RESTART is enabled.
259a0061b6Sopenharmony_ciIPTABLES_SAVE_COUNTER="no"
269a0061b6Sopenharmony_ci
279a0061b6Sopenharmony_ci# Numeric status output
289a0061b6Sopenharmony_ci#   Value: yes|no,  default: yes
299a0061b6Sopenharmony_ci# Print IP addresses and port numbers in numeric format in the status output.
309a0061b6Sopenharmony_ciIPTABLES_STATUS_NUMERIC="yes"
319a0061b6Sopenharmony_ci
329a0061b6Sopenharmony_ci# Verbose status output
339a0061b6Sopenharmony_ci#   Value: yes|no,  default: yes
349a0061b6Sopenharmony_ci# Print info about the number of packets and bytes plus the "input-" and
359a0061b6Sopenharmony_ci# "outputdevice" in the status output.
369a0061b6Sopenharmony_ciIPTABLES_STATUS_VERBOSE="no"
379a0061b6Sopenharmony_ci
389a0061b6Sopenharmony_ci# Status output with numbered lines
399a0061b6Sopenharmony_ci#   Value: yes|no,  default: yes
409a0061b6Sopenharmony_ci# Print a counter/number for every rule in the status output.
419a0061b6Sopenharmony_ciIPTABLES_STATUS_LINENUMBERS="yes"
429a0061b6Sopenharmony_ci
439a0061b6Sopenharmony_ci# Reload sysctl settings on start and restart
449a0061b6Sopenharmony_ci#   Default: -none-
459a0061b6Sopenharmony_ci# Space separated list of sysctl items which are to be reloaded on start.
469a0061b6Sopenharmony_ci# List items will be matched by fgrep.
479a0061b6Sopenharmony_ci#IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"
489a0061b6Sopenharmony_ci
499a0061b6Sopenharmony_ci# Set wait option for iptables-restore calls in seconds
509a0061b6Sopenharmony_ci#   Default: 600
519a0061b6Sopenharmony_ci# Set to 0 to deactivate the wait.
529a0061b6Sopenharmony_ci#IPTABLES_RESTORE_WAIT=600
539a0061b6Sopenharmony_ci
549a0061b6Sopenharmony_ci# Set wait interval option for iptables-restore calls in microseconds
559a0061b6Sopenharmony_ci#   Default: 1000000
569a0061b6Sopenharmony_ci# Set to 100000 to try to get the lock every 100000 microseconds, 10 times a
579a0061b6Sopenharmony_ci# second.
589a0061b6Sopenharmony_ci# Only usable with IPTABLES_RESTORE_WAIT > 0
599a0061b6Sopenharmony_ci#IPTABLES_RESTORE_WAIT_INTERVAL=1000000
60