From f40fe618f2a3efb7ea4dba35614f40db87903501 Mon Sep 17 00:00:00 2001
From: Adrian Almenar
Date: Thu, 21 Jul 2022 17:18:30 +0200
Subject: fastnetmon: T4553: Allow to configure ban_time instead of 1900s default value

---
 data/templates/ids/fastnetmon.j2 | 4 +++-
 interface-definitions/service-ids-ddos-protection.xml.in | 13 +++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2
index c482002fa..e095b0786 100644
--- a/data/templates/ids/fastnetmon.j2
+++ b/data/templates/ids/fastnetmon.j2
@@ -15,7 +15,9 @@ ban_details_records_count = 500
 
 ## How long (in seconds) we should keep an IP in blocked state
 ## If you set 0 here it completely disables unban capability
-ban_time = 1900
+{% if ban_time is vyos_defined %}
+ban_time = {{ ban_time }}
+{% endif %}
 
 # Check if the attack is still active, before triggering an unban callback with this option
 # If the attack is still active, check each run of the unban watchdog
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in
index 5e65d3106..135fa2ffa 100644
--- a/interface-definitions/service-ids-ddos-protection.xml.in
+++ b/interface-definitions/service-ids-ddos-protection.xml.in
@@ -18,6 +18,19 @@
 Path to fastnetmon alert script
 
 
+
+
+Time to ban (in seconds) an ip
+
+u32:0-4294967294
+Time to ban (in seconds) an ip
+
+
+
+
+
+1900
+
 
 
 Direction for processing traffic
-- 
cgit v1.2.3
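Review bot: With the `{% if ban_time is vyos_defined %}` guard, the rendered file carries no `ban_time` line at all whenever the key is absent from the dict handed to the template, so the daemon falls back to its own built-in value rather than the 1900 s this file used to pin. The second file in this commit declares a default of 1900, so this is only safe if the config script merges CLI defaults before rendering, which is not visible in this patch. Because this value decides how long a block stays in force, I would render it unconditionally or keep an explicit fallback by adding `{% else %}` and `ban_time = 1900` before `{% endif %}`.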
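Review bot: The accepted range `0-4294967294` includes 0, and the template comment in the first file says 0 completely disables unban capability, yet the help text added here only reads "Time to ban (in seconds) an ip". An operator who enters 0 expecting "no ban" would get blocks that never expire until someone removes them by hand. I would state that in the help and value-help strings, for example `Time (in seconds) to keep an IP banned (0 disables automatic unban)`, or start the range at 1 if permanent bans are not meant to be configurable from the CLI. The element markup is not visible on this page, so I am assuming the validator range matches the displayed format string.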