### Autogenerated by ssh.py ###

{% if dynamic_protection is vyos_defined %}
# Full path to backend executable (required, no default)
BACKEND="/usr/libexec/sshguard/sshg-fw-nft-sets"

# Shell command that provides logs on standard output. (optional, no default)
# Example 1: ssh and sendmail from systemd journal:
LOGREADER="LANG=C journalctl -afb -p info -n1 -t sshd -o cat"

#### OPTIONS ####
# Block attackers when their cumulative attack score exceeds THRESHOLD.
# Most attacks have a score of 10. (optional, default 30)
THRESHOLD={{ dynamic_protection.threshold }}

# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
BLOCK_TIME={{ dynamic_protection.block_time }}

# Remember potential attackers for up to DETECTION_TIME seconds before
# resetting their score. (optional, default 1800)
DETECTION_TIME={{ dynamic_protection.detect_time }}

# IP addresses listed in the WHITELIST_FILE are considered to be
# friendlies and will never be blocked.
WHITELIST_FILE=/etc/sshguard/whitelist
{% endif %}