diff options
Diffstat (limited to 'data/templates/ids/fastnetmon.j2')
-rw-r--r-- | data/templates/ids/fastnetmon.j2 | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2 new file mode 100644 index 0000000..f6f03d0 --- /dev/null +++ b/data/templates/ids/fastnetmon.j2 @@ -0,0 +1,121 @@ +# enable this option if you want to send logs to local syslog facility +logging:logging_level = debug +logging:local_syslog_logging = on + +# list of all your networks in CIDR format +networks_list_path = /run/fastnetmon/networks_list + +# list networks in CIDR format which will be not monitored for attacks +white_list_path = /run/fastnetmon/excluded_networks_list + +# Enable/Disable any actions in case of attack +enable_ban = on +enable_ban_ipv6 = on + +## How many packets will be collected from attack traffic +ban_details_records_count = 500 + +## How long (in seconds) we should keep an IP in blocked state +## If you set 0 here it completely disables unban capability +{% if ban_time is vyos_defined %} +ban_time = {{ ban_time }} +{% endif %} + +# Check if the attack is still active, before triggering an unban callback with this option +# If the attack is still active, check each run of the unban watchdog +unban_only_if_attack_finished = on + +# enable per subnet speed meters +# For each subnet, list track speed in bps and pps for both directions +enable_subnet_counters = off + +{% if mode is vyos_defined('mirror') %} +mirror_afpacket = on +{% elif mode is vyos_defined('sflow') %} +sflow = on +{% if sflow.port is vyos_defined %} +sflow_port = {{ sflow.port }} +{% endif %} +{% if sflow.listen_address is vyos_defined %} +sflow_host = {{ sflow.listen_address }} +{% endif %} +{% endif %} + + +process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off' }} +process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }} + +{% if threshold is vyos_defined %} +{% if threshold.general is vyos_defined %} +# General threshold +{% for thr, thr_value in threshold.general.items() %} +{% if thr is vyos_defined('fps') %} +ban_for_flows = on +threshold_flows = {{ thr_value }} +{% elif thr is vyos_defined('mbps') %} +ban_for_bandwidth = on +threshold_mbps = {{ thr_value }} +{% elif thr is vyos_defined('pps') %} +ban_for_pps = on +threshold_pps = {{ thr_value }} +{% endif %} +{% endfor %} +{% endif %} + +{% if threshold.tcp is vyos_defined %} +# TCP threshold +{% for thr, thr_value in threshold.tcp.items() %} +{% if thr is vyos_defined('fps') %} +ban_for_tcp_flows = on +threshold_tcp_flows = {{ thr_value }} +{% elif thr is vyos_defined('mbps') %} +ban_for_tcp_bandwidth = on +threshold_tcp_mbps = {{ thr_value }} +{% elif thr is vyos_defined('pps') %} +ban_for_tcp_pps = on +threshold_tcp_pps = {{ thr_value }} +{% endif %} +{% endfor %} +{% endif %} + +{% if threshold.udp is vyos_defined %} +# UDP threshold +{% for thr, thr_value in threshold.udp.items() %} +{% if thr is vyos_defined('fps') %} +ban_for_udp_flows = on +threshold_udp_flows = {{ thr_value }} +{% elif thr is vyos_defined('mbps') %} +ban_for_udp_bandwidth = on +threshold_udp_mbps = {{ thr_value }} +{% elif thr is vyos_defined('pps') %} +ban_for_udp_pps = on +threshold_udp_pps = {{ thr_value }} +{% endif %} +{% endfor %} +{% endif %} + +{% if threshold.icmp is vyos_defined %} +# ICMP threshold +{% for thr, thr_value in threshold.icmp.items() %} +{% if thr is vyos_defined('fps') %} +ban_for_icmp_flows = on +threshold_icmp_flows = {{ thr_value }} +{% elif thr is vyos_defined('mbps') %} +ban_for_icmp_bandwidth = on +threshold_icmp_mbps = {{ thr_value }} +{% elif thr is vyos_defined('pps') %} +ban_for_icmp_pps = on +threshold_icmp_pps = {{ thr_value }} +{% endif %} +{% endfor %} +{% endif %} + +{% endif %} + +{% if listen_interface is vyos_defined %} +interfaces = {{ listen_interface | join(',') }} +{% endif %} + +{% if alert_script is vyos_defined %} +notify_script_path = {{ alert_script }} +{% endif %} |