diff options
| author | sever-sever <v.gletenko@vyos.io> | 2020-06-26 17:07:23 +0000 |
|---|---|---|
| committer | sever-sever <v.gletenko@vyos.io> | 2020-06-29 08:09:57 +0000 |
| commit | 1b7b50000f4b2ef15a45dd84ea213a74b3b54d88 (patch) | |
| tree | d61a77e3491914ab8913a98436d93ae0eac3b7b6 /interface-definitions | |
| parent | 8aa548c975bbbd306d9a1f8441960c3834388fdf (diff) | |
| download | vyos-1x-1b7b50000f4b2ef15a45dd84ea213a74b3b54d88.tar.gz vyos-1x-1b7b50000f4b2ef15a45dd84ea213a74b3b54d88.zip | |
ids: T2659: Fastnetmon conf_mode
Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/service-ids-ddos-protection.xml.in | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in new file mode 100644 index 000000000..741533bb4 --- /dev/null +++ b/interface-definitions/service-ids-ddos-protection.xml.in @@ -0,0 +1,117 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="ids"> + <properties> + <help>Intrusion Detection System</help> + </properties> + <children> + <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_fastnetmon.py"> + <properties> + <help>FastNetMon detection and protection parameters</help> + </properties> + <children> + <leafNode name="alert-script"> + <properties> + <help>Path to fastnetmon alert script</help> + </properties> + </leafNode> + <leafNode name="direction"> + <properties> + <help>Direction for processing traffic</help> + <completionHelp> + <list>in out</list> + </completionHelp> + <constraint> + <regex>(in|out)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="listen-interface"> + <properties> + <help>Listen interface for mirroring traffic</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <node name="mode"> + <properties> + <help>Traffic capture modes</help> + </properties> + <children> + <!-- Future modes "mirror" "netflow" "combine (both)" --> + <leafNode name="mirror"> + <properties> + <help>Listen mirrored traffic mode</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="network"> + <properties> + <help>Define monitoring networks</help> + <valueHelp> + <format>ipv4net</format> + <description>Processed network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="threshold"> + <properties> + <help>Attack limits thresholds</help> + </properties> + <children> + <leafNode name="fps"> + <properties> + <help>Flows per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Flows per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mbps"> + <properties> + <help>Megabits per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Megabits per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="pps"> + <properties> + <help>Packets per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Packets per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> |