diff options
Diffstat (limited to 'interface-definitions/service-ids-ddos-protection.xml.in')
-rw-r--r-- | interface-definitions/service-ids-ddos-protection.xml.in | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in new file mode 100644 index 000000000..93d4cc682 --- /dev/null +++ b/interface-definitions/service-ids-ddos-protection.xml.in @@ -0,0 +1,118 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="ids"> + <properties> + <help>Intrusion Detection System</help> + </properties> + <children> + <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_fastnetmon.py"> + <properties> + <help>FastNetMon detection and protection parameters</help> + <priority>731</priority> + </properties> + <children> + <leafNode name="alert-script"> + <properties> + <help>Path to fastnetmon alert script</help> + </properties> + </leafNode> + <leafNode name="direction"> + <properties> + <help>Direction for processing traffic</help> + <completionHelp> + <list>in out</list> + </completionHelp> + <constraint> + <regex>(in|out)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="listen-interface"> + <properties> + <help>Listen interface for mirroring traffic</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <node name="mode"> + <properties> + <help>Traffic capture modes</help> + </properties> + <children> + <!-- Future modes "mirror" "netflow" "combine (both)" --> + <leafNode name="mirror"> + <properties> + <help>Listen mirrored traffic mode</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="network"> + <properties> + <help>Define monitoring networks</help> + <valueHelp> + <format>ipv4net</format> + <description>Processed network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="threshold"> + <properties> + <help>Attack limits thresholds</help> + </properties> + <children> + <leafNode name="fps"> + <properties> + <help>Flows per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Flows per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mbps"> + <properties> + <help>Megabits per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Megabits per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="pps"> + <properties> + <help>Packets per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Packets per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> |