diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-05-13 13:11:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-13 13:11:57 +0200 |
commit | 8b122bd2ba6be5af1b7e24358b6e4db9abe9a45d (patch) | |
tree | bf04d8f50795c90a745f1be1aba58cf4af00602e /interface-definitions | |
parent | d70c2b4493366c02f025f43d2a777b2bef3e1789 (diff) | |
parent | 2e81f9e057f598a9a9e5c2d617e3d0818005d850 (diff) | |
download | vyos-1x-8b122bd2ba6be5af1b7e24358b6e4db9abe9a45d.tar.gz vyos-1x-8b122bd2ba6be5af1b7e24358b6e4db9abe9a45d.zip |
Merge pull request #1320 from sever-sever/T4408
sshguard: T4408: Add service ssh dynamic-protection
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/ssh.xml.in | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index 8edbad110..7e2512f54 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in @@ -61,6 +61,78 @@ <valueless/> </properties> </leafNode> + <node name="dynamic-protection"> + <properties> + <help>Allow dynamic protection</help> + </properties> + <children> + <leafNode name="block-time"> + <properties> + <help>Block source IP in seconds. Subsequent blocks increase by a factor of 1.5</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Time interval in seconds for blocking</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="detect-time"> + <properties> + <help>Remember source IP in seconds before reset their score</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Time interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>1800</defaultValue> + </leafNode> + <leafNode name="threshold"> + <properties> + <help>Block source IP when their cumulative attack score exceeds threshold</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Threshold score</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="whitelist-address"> + <properties> + <help>Source address or prefix</help> + <valueHelp> + <format>ipv4</format> + <description>Address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <leafNode name="key-exchange"> <properties> <help>Allowed key exchange (KEX) algorithms</help> |