diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-07-21 10:35:34 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-07-21 13:16:03 +0000 |
commit | bd4bb4f869d6df02bfda1ce5668b8cf15a95b4af (patch) | |
tree | e77fff1b934bfbf48435f2657b72e98ad9238168 /data | |
parent | 26af45a61bbe8b219b57127a869e723b11886522 (diff) | |
download | vyos-1x-bd4bb4f869d6df02bfda1ce5668b8cf15a95b4af.tar.gz vyos-1x-bd4bb4f869d6df02bfda1ce5668b8cf15a95b4af.zip |
T5368: service ids ddos-protection add support sflow mode
sFlow mode requires fewer resources then mode "mirror"
Integrate it into configuration mode
set service ids ddos-protection mode 'sflow'
set service ids ddos-protection sflow listen-address '127.0.0.1'
set service ids ddos-protection sflow port '6343'
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/ids/fastnetmon.j2 | 11 | ||||
-rw-r--r-- | data/templates/ids/fastnetmon_networks_list.j2 | 2 |
2 files changed, 11 insertions, 2 deletions
diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2 index 0340d3c92..f6f03d0db 100644 --- a/data/templates/ids/fastnetmon.j2 +++ b/data/templates/ids/fastnetmon.j2 @@ -29,10 +29,19 @@ unban_only_if_attack_finished = on # For each subnet, list track speed in bps and pps for both directions enable_subnet_counters = off -{% if mode.mirror is vyos_defined %} +{% if mode is vyos_defined('mirror') %} mirror_afpacket = on +{% elif mode is vyos_defined('sflow') %} +sflow = on +{% if sflow.port is vyos_defined %} +sflow_port = {{ sflow.port }} +{% endif %} +{% if sflow.listen_address is vyos_defined %} +sflow_host = {{ sflow.listen_address }} +{% endif %} {% endif %} + process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off' }} process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }} diff --git a/data/templates/ids/fastnetmon_networks_list.j2 b/data/templates/ids/fastnetmon_networks_list.j2 index 5f1b3ba4d..0a0576d2a 100644 --- a/data/templates/ids/fastnetmon_networks_list.j2 +++ b/data/templates/ids/fastnetmon_networks_list.j2 @@ -1,4 +1,4 @@ -{% if network is vyos_defined() %} +{% if network is vyos_defined %} {% for net in network %} {{ net }} {% endfor %} |