From 67cf858c8727f7f232aa4648510335f2b2028aaa Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Fri, 16 Sep 2022 16:18:30 +0000
Subject: ids: T4557: Migrate threshold and add new threshold types

Migrate "service ids ddos-protection threshold xxx" to
        "service ids ddos-protection general threshold xxx"

Add new threshold types:
  set service ids ddos-protection threshold tcp xxx
  set service ids ddos-protection threshold udp xxx
  set service ids ddos-protection threshold icmp xxx
---
 data/templates/ids/fastnetmon.j2 | 64 ++++++++++++++++++++++++++++++++++++----
 1 file changed, 58 insertions(+), 6 deletions(-)

(limited to 'data/templates/ids')

diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2
index b9f77a257..0340d3c92 100644
--- a/data/templates/ids/fastnetmon.j2
+++ b/data/templates/ids/fastnetmon.j2
@@ -37,18 +37,70 @@ process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in dire
 process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }}
 
 {% if threshold is vyos_defined %}
-{%     for thr, thr_value in threshold.items() %}
-{%         if thr is vyos_defined('fps') %}
+{%     if threshold.general is vyos_defined %}
+# General threshold
+{%         for thr, thr_value in threshold.general.items() %}
+{%             if thr is vyos_defined('fps') %}
 ban_for_flows = on
 threshold_flows = {{ thr_value }}
-{%         elif thr is vyos_defined('mbps') %}
+{%             elif thr is vyos_defined('mbps') %}
 ban_for_bandwidth = on
 threshold_mbps = {{ thr_value }}
-{%         elif thr is vyos_defined('pps') %}
+{%             elif thr is vyos_defined('pps') %}
 ban_for_pps = on
 threshold_pps = {{ thr_value }}
-{%         endif %}
-{%     endfor %}
+{%             endif %}
+{%         endfor %}
+{%     endif %}
+
+{%     if threshold.tcp is vyos_defined %}
+# TCP threshold
+{%         for thr, thr_value in threshold.tcp.items() %}
+{%             if thr is vyos_defined('fps') %}
+ban_for_tcp_flows = on
+threshold_tcp_flows = {{ thr_value }}
+{%             elif thr is vyos_defined('mbps') %}
+ban_for_tcp_bandwidth = on
+threshold_tcp_mbps = {{ thr_value }}
+{%             elif thr is vyos_defined('pps') %}
+ban_for_tcp_pps = on
+threshold_tcp_pps = {{ thr_value }}
+{%             endif %}
+{%         endfor %}
+{%     endif %}
+
+{%     if threshold.udp is vyos_defined %}
+# UDP threshold
+{%         for thr, thr_value in threshold.udp.items() %}
+{%             if thr is vyos_defined('fps') %}
+ban_for_udp_flows = on
+threshold_udp_flows = {{ thr_value }}
+{%             elif thr is vyos_defined('mbps') %}
+ban_for_udp_bandwidth = on
+threshold_udp_mbps = {{ thr_value }}
+{%             elif thr is vyos_defined('pps') %}
+ban_for_udp_pps = on
+threshold_udp_pps = {{ thr_value }}
+{%             endif %}
+{%         endfor %}
+{%     endif %}
+
+{%     if threshold.icmp is vyos_defined %}
+# ICMP threshold
+{%         for thr, thr_value in threshold.icmp.items() %}
+{%             if thr is vyos_defined('fps') %}
+ban_for_icmp_flows = on
+threshold_icmp_flows = {{ thr_value }}
+{%             elif thr is vyos_defined('mbps') %}
+ban_for_icmp_bandwidth = on
+threshold_icmp_mbps = {{ thr_value }}
+{%             elif thr is vyos_defined('pps') %}
+ban_for_icmp_pps = on
+threshold_icmp_pps = {{ thr_value }}
+{%             endif %}
+{%         endfor %}
+{%     endif %}
+
 {% endif %}
 
 {% if listen_interface is vyos_defined %}
-- 
cgit v1.2.3