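# FastNetMon configuration, rendered from a Jinja2 template.
# Template variables used below:
#   mode             - string; "mirror" anywhere in it enables AF_PACKET mirror capture
#   direction        - "in"/"out" (list preferred, see note below)
#   threshold        - mapping of fps / mbps / pps to its limit
#   listen_interface - interface name, or list of names
#   alert_script     - path of the notification script (optional)

# Send logs to the local syslog facility
logging:local_syslog_logging = on

# All networks we are responsible for, in CIDR format
networks_list_path = /etc/networks_list

# Networks (CIDR) that are never monitored for attacks and therefore never
# banned. Treat this file as security-sensitive and keep it minimal: an
# entry here switches protection off for that range.
white_list_path = /etc/networks_whitelist

# Enable/disable any action in case of attack
enable_ban = on

# How many packets of the attack traffic are collected as ban details
ban_details_records_count = 500

# How long (in seconds) an IP is kept in blocked state.
# 0 completely disables the unban capability: banned hosts stay banned
# until they are unbanned by hand.
ban_time = 1900

# Before triggering the unban callback, check whether the attack is still
# active; while it is, the check is repeated on each run of the unban watchdog.
unban_only_if_attack_finished = on

# Per-subnet speed meters: for each subnet track speed in bps and pps for
# both directions
enable_subnet_counters = off

{% if "mirror" in mode %}
mirror_afpacket = on
{% endif %}

{# NOTE(review): the Jinja "in" operator is a substring test when `direction`
   is a string, so direction="outgoing" satisfies both "in" and "out" and
   enables both directions. Pass direction as a list, e.g. ["in", "out"],
   to get exact membership. #}
{% if "in" in direction %}
process_incoming_traffic = on
{% endif %}
{% if "out" in direction %}
process_outgoing_traffic = on
{% endif %}

{# Thresholds: each recognised key switches on the matching ban type.
   An unrecognised key is surfaced as a WARNING comment in the rendered
   file rather than dropped silently, since this block is the only place
   a ban_for_* trigger is set. #}
{% for th in threshold %}
{% if th == "fps" %}
ban_for_flows = on
threshold_flows = {{ threshold[th] }}
{% elif th == "mbps" %}
ban_for_bandwidth = on
threshold_mbps = {{ threshold[th] }}
{% elif th == "pps" %}
ban_for_pps = on
threshold_pps = {{ threshold[th] }}
{% else %}
# WARNING: unsupported threshold key "{{ th }}" ignored (expected fps, mbps or pps)
{% endif %}
{% endfor %}

{% if listen_interface %}
{# Accept a single interface name or a list; a list is rendered comma-separated. #}
{% set value = listen_interface if listen_interface is string else listen_interface | join(',') %}
interfaces = {{ value }}
{% endif %}

{% if alert_script %}
# Script hooked into attack notifications. It is executed by the daemon,
# so it must be owned by root and not writable by any other user; the
# template does not validate this path.
notify_script_path = {{ alert_script }}
{% endif %}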