diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-07-22 08:40:21 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-07-22 08:40:21 +0200 |
| commit | 266a4cacf615549b9b8654808380ab3e9fb04953 (patch) | |
| tree | 8d963cb8f6ec8d10b7edccf81b4a7b8f51b5ced7 /interface-definitions/ssh.xml.in | |
| parent | e4ab616ba826c93896d18c4d49e0f26a47f90c76 (diff) | |
| parent | cd6f7994a9c5d6501ce56b57362c7f33f64fa3d5 (diff) | |
| download | vyos-1x-266a4cacf615549b9b8654808380ab3e9fb04953.tar.gz vyos-1x-266a4cacf615549b9b8654808380ab3e9fb04953.zip | |
Merge pull request #2101 from sever-sever/T5354
sshguard: T5354: Add service ssh dynamic-protection
Diffstat (limited to 'interface-definitions/ssh.xml.in')
| -rw-r--r-- | interface-definitions/ssh.xml.in | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index 867037295..65d8a368e 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in @@ -61,6 +61,78 @@ <valueless/> </properties> </leafNode> + <node name="dynamic-protection"> + <properties> + <help>Allow dynamic protection</help> + </properties> + <children> + <leafNode name="block-time"> + <properties> + <help>Block source IP in seconds. Subsequent blocks increase by a factor of 1.5</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Time interval in seconds for blocking</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="detect-time"> + <properties> + <help>Remember source IP in seconds before reset their score</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Time interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>1800</defaultValue> + </leafNode> + <leafNode name="threshold"> + <properties> + <help>Block source IP when their cumulative attack score exceeds threshold</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Threshold score</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="allow-from"> + <properties> + <help>Always allow inbound connections from these systems</help> + <valueHelp> + <format>ipv4</format> + <description>Address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <leafNode name="key-exchange"> <properties> <help>Allowed key exchange (KEX) algorithms</help> |