summaryrefslogtreecommitdiff
path: root/interface-definitions/service-ids-ddos-protection.xml.in
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions/service-ids-ddos-protection.xml.in')
-rw-r--r--interface-definitions/service-ids-ddos-protection.xml.in40
1 files changed, 38 insertions, 2 deletions
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in
index 5e65d3106..86fc4dffa 100644
--- a/interface-definitions/service-ids-ddos-protection.xml.in
+++ b/interface-definitions/service-ids-ddos-protection.xml.in
@@ -18,6 +18,19 @@
<help>Path to fastnetmon alert script</help>
</properties>
</leafNode>
+ <leafNode name="ban-time">
+ <properties>
+ <help>How long we should keep an IP in blocked state</help>
+ <valueHelp>
+ <format>u32:1-4294967294</format>
+ <description>Time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967294"/>
+ </constraint>
+ </properties>
+ <defaultValue>1900</defaultValue>
+ </leafNode>
<leafNode name="direction">
<properties>
<help>Direction for processing traffic</help>
@@ -30,6 +43,24 @@
<multi/>
</properties>
</leafNode>
+ <leafNode name="excluded-network">
+ <properties>
+ <help>Specify IPv4 and IPv6 networks which are going to be excluded from protection</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix(es) to exclude</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 prefix(es) to exclude</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
<leafNode name="listen-interface">
<properties>
<help>Listen interface for mirroring traffic</help>
@@ -55,13 +86,18 @@
</node>
<leafNode name="network">
<properties>
- <help>Define monitoring networks</help>
+ <help>Specify IPv4 and IPv6 networks which belong to you</help>
<valueHelp>
<format>ipv4net</format>
- <description>Processed network</description>
+ <description>Your IPv4 prefix(es)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>Your IPv6 prefix(es)</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
+ <validator name="ipv6-prefix"/>
</constraint>
<multi/>
</properties>