summaryrefslogtreecommitdiff
path: root/interface-definitions/service-ids-ddos-protection.xml.in
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions/service-ids-ddos-protection.xml.in')
-rw-r--r--interface-definitions/service-ids-ddos-protection.xml.in118
1 files changed, 118 insertions, 0 deletions
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in
new file mode 100644
index 000000000..93d4cc682
--- /dev/null
+++ b/interface-definitions/service-ids-ddos-protection.xml.in
@@ -0,0 +1,118 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="ids">
+ <properties>
+ <help>Intrusion Detection System</help>
+ </properties>
+ <children>
+ <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_fastnetmon.py">
+ <properties>
+ <help>FastNetMon detection and protection parameters</help>
+ <priority>731</priority>
+ </properties>
+ <children>
+ <leafNode name="alert-script">
+ <properties>
+ <help>Path to fastnetmon alert script</help>
+ </properties>
+ </leafNode>
+ <leafNode name="direction">
+ <properties>
+ <help>Direction for processing traffic</help>
+ <completionHelp>
+ <list>in out</list>
+ </completionHelp>
+ <constraint>
+ <regex>(in|out)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="listen-interface">
+ <properties>
+ <help>Listen interface for mirroring traffic</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="mode">
+ <properties>
+ <help>Traffic capture modes</help>
+ </properties>
+ <children>
+ <!-- Future modes "mirror" "netflow" "combine (both)" -->
+ <leafNode name="mirror">
+ <properties>
+ <help>Listen mirrored traffic mode</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="network">
+ <properties>
+ <help>Define monitoring networks</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>Processed network</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="threshold">
+ <properties>
+ <help>Attack limits thresholds</help>
+ </properties>
+ <children>
+ <leafNode name="fps">
+ <properties>
+ <help>Flows per second</help>
+ <valueHelp>
+ <format>&lt;0-4294967294&gt;</format>
+ <description>Flows per second</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967294"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mbps">
+ <properties>
+ <help>Megabits per second</help>
+ <valueHelp>
+ <format>&lt;0-4294967294&gt;</format>
+ <description>Megabits per second</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967294"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="pps">
+ <properties>
+ <help>Packets per second</help>
+ <valueHelp>
+ <format>&lt;0-4294967294&gt;</format>
+ <description>Packets per second</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967294"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>