Diffstat (limited to 'data/templates/ids/fastnetmon.j2')
-rw-r--r--data/templates/ids/fastnetmon.j2121
1 files changed, 121 insertions, 0 deletions
diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2
new file mode 100644
index 0000000..f6f03d0
--- /dev/null
+++ b/data/templates/ids/fastnetmon.j2
@@ -0,0 +1,121 @@
+# enable this option if you want to send logs to local syslog facility
+logging:logging_level = debug
+logging:local_syslog_logging = on
+
+# list of all your networks in CIDR format
+networks_list_path = /run/fastnetmon/networks_list
+
+# list networks in CIDR format which will be not monitored for attacks
+white_list_path = /run/fastnetmon/excluded_networks_list
+
+# Enable/Disable any actions in case of attack
+enable_ban = on
+enable_ban_ipv6 = on
+
+## How many packets will be collected from attack traffic
+ban_details_records_count = 500
+
+## How long (in seconds) we should keep an IP in blocked state
+## If you set 0 here it completely disables unban capability
+{% if ban_time is vyos_defined %}
+ban_time = {{ ban_time }}
+{% endif %}
+
+# Check if the attack is still active, before triggering an unban callback with this option
+# If the attack is still active, check each run of the unban watchdog
+unban_only_if_attack_finished = on
+
+# enable per subnet speed meters
+# For each subnet, list track speed in bps and pps for both directions
+enable_subnet_counters = off
+
+{% if mode is vyos_defined('mirror') %}
+mirror_afpacket = on
+{% elif mode is vyos_defined('sflow') %}
+sflow = on
+{% if sflow.port is vyos_defined %}
+sflow_port = {{ sflow.port }}
+{% endif %}
+{% if sflow.listen_address is vyos_defined %}
+sflow_host = {{ sflow.listen_address }}
+{% endif %}
+{% endif %}
+
+
+process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off' }}
+process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }}
+
+{% if threshold is vyos_defined %}
+{% if threshold.general is vyos_defined %}
+# General threshold
+{% for thr, thr_value in threshold.general.items() %}
+{% if thr is vyos_defined('fps') %}
+ban_for_flows = on
+threshold_flows = {{ thr_value }}
+{% elif thr is vyos_defined('mbps') %}
+ban_for_bandwidth = on
+threshold_mbps = {{ thr_value }}
+{% elif thr is vyos_defined('pps') %}
+ban_for_pps = on
+threshold_pps = {{ thr_value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if threshold.tcp is vyos_defined %}
+# TCP threshold
+{% for thr, thr_value in threshold.tcp.items() %}
+{% if thr is vyos_defined('fps') %}
+ban_for_tcp_flows = on
+threshold_tcp_flows = {{ thr_value }}
+{% elif thr is vyos_defined('mbps') %}
+ban_for_tcp_bandwidth = on
+threshold_tcp_mbps = {{ thr_value }}
+{% elif thr is vyos_defined('pps') %}
+ban_for_tcp_pps = on
+threshold_tcp_pps = {{ thr_value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if threshold.udp is vyos_defined %}
+# UDP threshold
+{% for thr, thr_value in threshold.udp.items() %}
+{% if thr is vyos_defined('fps') %}
+ban_for_udp_flows = on
+threshold_udp_flows = {{ thr_value }}
+{% elif thr is vyos_defined('mbps') %}
+ban_for_udp_bandwidth = on
+threshold_udp_mbps = {{ thr_value }}
+{% elif thr is vyos_defined('pps') %}
+ban_for_udp_pps = on
+threshold_udp_pps = {{ thr_value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if threshold.icmp is vyos_defined %}
+# ICMP threshold
+{% for thr, thr_value in threshold.icmp.items() %}
+{% if thr is vyos_defined('fps') %}
+ban_for_icmp_flows = on
+threshold_icmp_flows = {{ thr_value }}
+{% elif thr is vyos_defined('mbps') %}
+ban_for_icmp_bandwidth = on
+threshold_icmp_mbps = {{ thr_value }}
+{% elif thr is vyos_defined('pps') %}
+ban_for_icmp_pps = on
+threshold_icmp_pps = {{ thr_value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% endif %}
+
+{% if listen_interface is vyos_defined %}
+interfaces = {{ listen_interface | join(',') }}
+{% endif %}
+
+{% if alert_script is vyos_defined %}
+notify_script_path = {{ alert_script }}
+{% endif %}
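Review bot: The threshold loops at L66–L77 (and the tcp/udp/icmp copies at L82, L98, L114) only ever emit `ban_for_* = on` for keys present in the VyOS config, so removing a threshold from the configuration leaves the corresponding `ban_for_*` switch at whatever the daemon's built-in default is rather than turning it off; if that default is `on` for any of them (I can't confirm from the template), the rendered config no longer reflects the operator's intent. Emitting both states explicitly, e.g. `ban_for_flows = {{ 'on' if threshold.general.fps is vyos_defined else 'off' }}` with the matching `threshold_flows` line guarded by the same test, would make the generated file independent of daemon defaults and simpler to audit. Similarly, `logging_level = debug` at L17 is hard-coded; a comment such as `# debug level is fixed here; syslog volume under sustained attack can be substantial` would at least flag the choice for reviewers. The `notify_script_path` at L135 is rendered verbatim from `alert_script` and is executed by the daemon on each ban/unban event, so a comment noting that path validation is expected to happen in the config-verify step (not visible in this file) would help the next maintainer.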