summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-07-25 19:36:24 +0200
committerGitHub <noreply@github.com>2022-07-25 19:36:24 +0200
commit55d7ff854cfe0eba1b0a53e1316976471ce2d914 (patch)
tree6ff52e2be7a71bf8e9fca28498fa091c81c8e628 /data
parentdf7348da111668d38796d955bf64fa384eb7a58f (diff)
parentbd119de6fd32480a4b6fd9c3b16cd5191af350af (diff)
downloadvyos-1x-55d7ff854cfe0eba1b0a53e1316976471ce2d914.tar.gz
vyos-1x-55d7ff854cfe0eba1b0a53e1316976471ce2d914.zip
Merge pull request #1434 from aalmenar/T4556
fastnetmon: T4556: Allow configure white_list_path and populate with hosts/networks that should be ignored
Diffstat (limited to 'data')
-rw-r--r--data/templates/ids/fastnetmon.j23
-rw-r--r--data/templates/ids/fastnetmon_excluded_networks_list.j25
2 files changed, 8 insertions, 0 deletions
diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2
index 005338836..b9f77a257 100644
--- a/data/templates/ids/fastnetmon.j2
+++ b/data/templates/ids/fastnetmon.j2
@@ -5,6 +5,9 @@ logging:local_syslog_logging = on
# list of all your networks in CIDR format
networks_list_path = /run/fastnetmon/networks_list
+# list networks in CIDR format which will be not monitored for attacks
+white_list_path = /run/fastnetmon/excluded_networks_list
+
# Enable/Disable any actions in case of attack
enable_ban = on
enable_ban_ipv6 = on
diff --git a/data/templates/ids/fastnetmon_excluded_networks_list.j2 b/data/templates/ids/fastnetmon_excluded_networks_list.j2
new file mode 100644
index 000000000..c88a1c527
--- /dev/null
+++ b/data/templates/ids/fastnetmon_excluded_networks_list.j2
@@ -0,0 +1,5 @@
+{% if excluded_network is vyos_defined %}
+{% for net in excluded_network %}
+{{ net }}
+{% endfor %}
+{% endif %}