Diffstat (limited to 'data/templates/ids/fastnetmon.j2')
-rw-r--r--data/templates/ids/fastnetmon.j256
1 files changed, 56 insertions, 0 deletions
diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2
new file mode 100644
index 000000000..c482002fa
--- /dev/null
+++ b/data/templates/ids/fastnetmon.j2
@@ -0,0 +1,56 @@
+# enable this option if you want to send logs to local syslog facility
+logging:local_syslog_logging = on
+
+# list of all your networks in CIDR format
+networks_list_path = /etc/networks_list
+
+# list networks in CIDR format which will be not monitored for attacks
+white_list_path = /etc/networks_whitelist
+
+# Enable/Disable any actions in case of attack
+enable_ban = on
+
+## How many packets will be collected from attack traffic
+ban_details_records_count = 500
+
+## How long (in seconds) we should keep an IP in blocked state
+## If you set 0 here it completely disables unban capability
+ban_time = 1900
+
+# Check if the attack is still active, before triggering an unban callback with this option
+# If the attack is still active, check each run of the unban watchdog
+unban_only_if_attack_finished = on
+
+# enable per subnet speed meters
+# For each subnet, list track speed in bps and pps for both directions
+enable_subnet_counters = off
+
+{% if mode.mirror is vyos_defined %}
+mirror_afpacket = on
+{% endif %}
+
+process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off' }}
+process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }}
+
+{% if threshold is vyos_defined %}
+{% for thr, thr_value in threshold.items() %}
+{% if thr is vyos_defined('fps') %}
+ban_for_flows = on
+threshold_flows = {{ thr_value }}
+{% elif thr is vyos_defined('mbps') %}
+ban_for_bandwidth = on
+threshold_mbps = {{ thr_value }}
+{% elif thr is vyos_defined('pps') %}
+ban_for_pps = on
+threshold_pps = {{ thr_value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if listen_interface is vyos_defined %}
+interfaces = {{ listen_interface | join(',') }}
+{% endif %}
+
+{% if alert_script is vyos_defined %}
+notify_script_path = {{ alert_script }}
+{% endif %}
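Review bot: `notify_script_path = {{ alert_script }}` at the end of the template writes the operator-supplied value into the config unchanged, and FastNetMon runs that file on ban and unban events, presumably with the daemon's privileges. Nothing in this template constrains the value, so the check belongs in the configuration script's verify step, which is not part of this diff: require an absolute path to an existing regular file that is executable and not writable by group or others. I would also document the expectation above the line, e.g. `# executed by fastnetmon on ban/unban; must be an absolute path to a root-owned, non-world-writable script`. Separately, `enable_ban = on` is fixed while every `ban_for_*` line depends on `threshold`, so a configuration without thresholds renders a detector that never triggers; a verify-time error for that case would make the gap visible.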