Merge pull request #1624 from dmbaturin/T6919-good-bye-fastnetmon

T7241: remove Fastnetmon

2 files changed, 0 insertions, 180 deletions

diff --git a/docs/configuration/service/ids.rst b/docs/configuration/service/ids.rst
deleted file mode 100644
index 8a64467f..00000000
--- a/docs/configuration/service/ids.rst
+++ /dev/null
@@ -1,179 +0,0 @@
-.. _ids:
-
-###############
-DDoS Protection
-###############
-
-**********
-FastNetMon
-**********
-
-FastNetMon is a high-performance DDoS detector/sensor built on top of multiple
-packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror). It can
-detect hosts in the deployed network sending or receiving large volumes of
-traffic, packets/bytes/flows per second and perform a configurable action to
-handle that event, such as calling a custom script.
-
-VyOS includes the FastNetMon Community Edition.
-
-Configuration
-=============
-
-.. cfgcmd:: set service ids ddos-protection alert-script <text>
-
-    Configure alert script that will be executed when an attack is detected.
-
-.. cfgcmd:: set service ids ddos-protection ban-time <1-4294967294>
-
-    Configure how long an IP (attacker) should be kept in blocked state.
-    Default value is 1900.
-
-.. cfgcmd:: set service ids ddos-protection direction [in | out]
-
-    Configure direction for processing traffic. 
-
-.. cfgcmd:: set service ids ddos-protection exclude-network <x.x.x.x/x>
-.. cfgcmd:: set service ids ddos-protection exclude-network <h:h:h:h:h:h:h:h/x>
-
-    Specify IPv4 and/or IPv6 networks which are going to be excluded.
-
-.. cfgcmd:: set service ids ddos-protection listen-interface <text>
-
-    Configure listen interface for mirroring traffic.
-
-.. cfgcmd:: set service ids ddos-protection mode [mirror | sflow]
-
-    Configure traffic capture mode.
-
-.. cfgcmd:: set service ids ddos-protection network <x.x.x.x/x>
-.. cfgcmd:: set service ids ddos-protection network <h:h:h:h:h:h:h:h/x>
-
-    Specify IPv4 and/or IPv6 networks that should be protected/monitored.
-
-.. cfgcmd:: set service ids ddos-protection sflow listen-address <x.x.x.x>
-
-    Configure local IPv4 address to listen for sflow.
-
-.. cfgcmd:: set service ids ddos-protection sflow port <1-65535>
-
-    Configure port number to be used for sflow connection. Default port is 6343.
-
-.. cfgcmd:: set service ids ddos-protection threshold general
-   [fps | mbps | pps] <0-4294967294>
-
-    Configure general threshold parameters.
-
-.. cfgcmd:: set service ids ddos-protection threshold icmp
-   [fps | mbps | pps] <0-4294967294>
-
-    Configure ICMP threshold parameters.
-
-.. cfgcmd:: set service ids ddos-protection threshold tcp
-   [fps | mbps | pps] <0-4294967294>
-
-    Configure TCP threshold parameters
-
-.. cfgcmd:: set service ids ddos-protection threshold udp
-   [fps | mbps | pps] <0-4294967294>
-
-    Configure UDP threshold parameters
-
-Example
-=======
-
-A configuration example can be found in this section.
-In this simplified scenario, main things to be considered are:
-
-    * Network to be protected: 192.0.2.0/24 (public IPs use by
-      customers)
-
-    * **ban-time** and **threshold**: these values are kept very low in order
-      to easily identify and generate and attack.
-
-    * Direction: **in** and **out**. Protect public network from external
-      attacks, and identify internal attacks towards internet.
-
-    * Interface **eth0** used to connect to upstream.
-
-Since we are analyzing attacks to and from our internal network, two types
-of attacks can be identified, and different actions are needed:
-
-    * External attack: an attack from the internet towards an internal IP
-      is identify. In this case, all connections towards such IP will be
-      blocked
-
-    * Internal attack: an attack from the internal network (generated by a
-      customer) towards the internet is identify. In this case, all connections
-      from this particular IP/Customer will be blocked.
- 
-
-So, firewall configuration needed for this setup:
-
-.. code-block:: none
-
-    set firewall group address-group FNMS-DST-Block
-    set firewall group address-group FNMS-SRC-Block
-
-    set firewall ipv4 forward filter rule 10 action 'drop'
-    set firewall ipv4 forward filter rule 10 description 'FNMS - block destination'
-    set firewall ipv4 forward filter rule 10 destination group address-group 'FNMS-DST-Block'
-
-    set firewall ipv4 forward filter rule 20 action 'drop'
-    set firewall ipv4 forward filter rule 20 description 'FNMS - Block source'
-    set firewall ipv4 forward filter rule 20 source group address-group 'FNMS-SRC-Block'
-
-Then, FastNetMon configuration:
-
-.. code-block:: none
-
-    set service ids ddos-protection alert-script '/config/scripts/fnm-alert.sh'
-    set service ids ddos-protection ban-time '10'
-    set service ids ddos-protection direction 'in'
-    set service ids ddos-protection direction 'out'
-    set service ids ddos-protection listen-interface 'eth0'
-    set service ids ddos-protection mode 'mirror'
-    set service ids ddos-protection network '192.0.2.0/24'
-    set service ids ddos-protection threshold general pps '100'
-
-And content of the script:
-
-.. code-block:: none
-
-    #!/bin/bash
-
-    # alert-script is called twice.
-    # When an attack occurs, the program calls a bash script twice:
-    # 1st time when threshold exceed
-    # 2nd when we collect 100 packets for detailed audit of what happened.
-
-    # Do nothing if “attack_details” is passed as an argument
-    if [ "${4}" == "attack_details" ]; then
-        # Do nothing
-        exit
-    fi
-    # Arguments:
-    ip=$1
-    direction=$2
-    pps_rate=$3
-    action=$4 
-
-    logger -t FNMS "** Start - Running alert script **"
-
-    if [ "${direction}" == "incoming" ] ; then
-        group="FNMS-DST-Block"
-        origin="external"
-    else
-        group="FNMS-SRC-Block"
-        origin="internal"
-    fi
-
-    if [ "${action}" == "ban" ] ; then
-        logger -t FNMS "Attack detected for IP ${ip} and ${direction} direction from ${origin} network. Need to block IP address."
-        logger -t FNMS "Adding IP address ${ip} to firewall group ${group}."
-        sudo nft add element ip vyos_filter A_${group} { ${ip} }
-    else
-        logger -t FNMS "Timeout for IP ${ip}, removing it from group ${group}."
-        sudo nft delete element ip vyos_filter A_${group} { ${ip} }
-    fi
-    logger -t FNMS "** End - Running alert script **"
-    exit
diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst
index f5c97d14..fb6f8413 100644
--- a/docs/configuration/service/index.rst
+++ b/docs/configuration/service/index.rst
@@ -16,7 +16,6 @@ Service
    dns
    eventhandler
    https
-   ids
    ipoe-server
    lldp
    mdns