From bd119de6fd32480a4b6fd9c3b16cd5191af350af Mon Sep 17 00:00:00 2001 From: Adrian Almenar Date: Mon, 25 Jul 2022 15:47:51 +0200 Subject: fastnetmon: T4556: Allow configure white_list_path and populate with hosts/networks that should be ignored. --- data/templates/ids/fastnetmon.j2 | 3 +++ data/templates/ids/fastnetmon_excluded_networks_list.j2 | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 data/templates/ids/fastnetmon_excluded_networks_list.j2 (limited to 'data') diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2 index 005338836..b9f77a257 100644 --- a/data/templates/ids/fastnetmon.j2 +++ b/data/templates/ids/fastnetmon.j2 @@ -5,6 +5,9 @@ logging:local_syslog_logging = on # list of all your networks in CIDR format networks_list_path = /run/fastnetmon/networks_list +# list networks in CIDR format which will be not monitored for attacks +white_list_path = /run/fastnetmon/excluded_networks_list + # Enable/Disable any actions in case of attack enable_ban = on enable_ban_ipv6 = on diff --git a/data/templates/ids/fastnetmon_excluded_networks_list.j2 b/data/templates/ids/fastnetmon_excluded_networks_list.j2 new file mode 100644 index 000000000..c88a1c527 --- /dev/null +++ b/data/templates/ids/fastnetmon_excluded_networks_list.j2 @@ -0,0 +1,5 @@ +{% if excluded_network is vyos_defined %} +{% for net in excluded_network %} +{{ net }} +{% endfor %} +{% endif %} -- cgit v1.2.3