1 files changed, 65 insertions, 9 deletions

diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2
index c482002fa..0340d3c92 100644
--- a/data/templates/ids/fastnetmon.j2
+++ b/data/templates/ids/fastnetmon.j2
@@ -1,21 +1,25 @@
 # enable this option if you want to send logs to local syslog facility
+logging:logging_level = debug
 logging:local_syslog_logging = on
 
 # list of all your networks in CIDR format
-networks_list_path = /etc/networks_list
+networks_list_path = /run/fastnetmon/networks_list
 
 # list networks in CIDR format which will be not monitored for attacks
-white_list_path = /etc/networks_whitelist
+white_list_path = /run/fastnetmon/excluded_networks_list
 
 # Enable/Disable any actions in case of attack
 enable_ban = on
+enable_ban_ipv6 = on
 
 ## How many packets will be collected from attack traffic
 ban_details_records_count = 500
 
 ## How long (in seconds) we should keep an IP in blocked state
 ## If you set 0 here it completely disables unban capability
-ban_time = 1900
+{% if ban_time is vyos_defined %}
+ban_time = {{ ban_time }}
+{% endif %}
 
 # Check if the attack is still active, before triggering an unban callback with this option
 # If the attack is still active, check each run of the unban watchdog
@@ -33,18 +37,70 @@ process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in dire
 process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }}
 
 {% if threshold is vyos_defined %}
-{%     for thr, thr_value in threshold.items() %}
-{%         if thr is vyos_defined('fps') %}
+{%     if threshold.general is vyos_defined %}
+# General threshold
+{%         for thr, thr_value in threshold.general.items() %}
+{%             if thr is vyos_defined('fps') %}
 ban_for_flows = on
 threshold_flows = {{ thr_value }}
-{%         elif thr is vyos_defined('mbps') %}
+{%             elif thr is vyos_defined('mbps') %}
 ban_for_bandwidth = on
 threshold_mbps = {{ thr_value }}
-{%         elif thr is vyos_defined('pps') %}
+{%             elif thr is vyos_defined('pps') %}
 ban_for_pps = on
 threshold_pps = {{ thr_value }}
-{%         endif %}
-{%     endfor %}
+{%             endif %}
+{%         endfor %}
+{%     endif %}
+
+{%     if threshold.tcp is vyos_defined %}
+# TCP threshold
+{%         for thr, thr_value in threshold.tcp.items() %}
+{%             if thr is vyos_defined('fps') %}
+ban_for_tcp_flows = on
+threshold_tcp_flows = {{ thr_value }}
+{%             elif thr is vyos_defined('mbps') %}
+ban_for_tcp_bandwidth = on
+threshold_tcp_mbps = {{ thr_value }}
+{%             elif thr is vyos_defined('pps') %}
+ban_for_tcp_pps = on
+threshold_tcp_pps = {{ thr_value }}
+{%             endif %}
+{%         endfor %}
+{%     endif %}
+
+{%     if threshold.udp is vyos_defined %}
+# UDP threshold
+{%         for thr, thr_value in threshold.udp.items() %}
+{%             if thr is vyos_defined('fps') %}
+ban_for_udp_flows = on
+threshold_udp_flows = {{ thr_value }}
+{%             elif thr is vyos_defined('mbps') %}
+ban_for_udp_bandwidth = on
+threshold_udp_mbps = {{ thr_value }}
+{%             elif thr is vyos_defined('pps') %}
+ban_for_udp_pps = on
+threshold_udp_pps = {{ thr_value }}
+{%             endif %}
+{%         endfor %}
+{%     endif %}
+
+{%     if threshold.icmp is vyos_defined %}
+# ICMP threshold
+{%         for thr, thr_value in threshold.icmp.items() %}
+{%             if thr is vyos_defined('fps') %}
+ban_for_icmp_flows = on
+threshold_icmp_flows = {{ thr_value }}
+{%             elif thr is vyos_defined('mbps') %}
+ban_for_icmp_bandwidth = on
+threshold_icmp_mbps = {{ thr_value }}
+{%             elif thr is vyos_defined('pps') %}
+ban_for_icmp_pps = on
+threshold_icmp_pps = {{ thr_value }}
+{%             endif %}
+{%         endfor %}
+{%     endif %}
+
 {% endif %}
 
 {% if listen_interface is vyos_defined %}