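# vim: syntax=sh
#
# Firewall settings, read as shell variable assignments.
#
# Every setting must sit on its own line: when the whole file is a single
# line that starts with '#', the shell treats all of it as a comment and
# none of the variables below is ever defined.
#
# The hooks=( ... ) array at the end is bash syntax, so the consumer has to
# be bash (or another shell with arrays), not plain POSIX sh.

## Interfaces and local network ##
# NOTE(review): "eth0" looks like the LAN-side interface and "wan" the
# upstream one -- confirm against the hook scripts that read them.
eth0=enp5s0
wan=enp1s0
locnet=192.168.1.0/24
lanip=192.168.1.1
# Broadcast address; keep it consistent with locnet when the subnet changes.
lanbro=192.168.1.255

## badips.com ##
# NOTE(review): confirm the badips.com feed is still reachable, and that a
# failed or empty download keeps the previous set instead of flushing it.
blockbad=true
logbad=true
# ipset name
badset=badips
# set size, default 65536
badmax=131072
# 0 - 5, 0 will ban max
badlevel=0
# ban time in seconds, 1 week = 604800, 1 day = 86400
badttl=604800
# unit suffix: h,d,w,m,y
badrange=2h
# ssh,http... or any
badservice=any

## whitenets ##
whitenets=true
# ipset name
whitenetset=whitenets
# set size, default 65536
whitenetmax=65536
# default ttl in seconds (172800 = 2 days)
whitenetttl=172800

## scannets ##
blockscan=true
logscan=true
# ipset name
scanset=scanips
# set size, default 65536
scanmax=65536
# default ttl in seconds (172800 = 2 days)
scanttl=172800

## whitelistip ##
# NOTE(review): unblockscan/unblockbad presumably let a whitelisted address
# bypass the scan and badips sets; keep the whitelist short and audited,
# since an entry here would override both block lists.
whiteip=true
unblockscan=true
unblockbad=true
# ipset name
whiteipset=whiteips
# set size, default 65536
whiteipmax=65536
# default ttl in seconds (172800 = 2 days)
whiteipttl=172800

## Multicast and broadcast ##
# NOTE(review): with blockcast=false and logcast=true this traffic appears
# to be logged but not dropped -- confirm that is intended.
cast=true
blockcast=false
logcast=true

## DEBUG ##
# Every log/debug switch is on. NOTE(review): on an Internet-facing interface
# this can produce very large log volume; check that the logging rules are
# rate-limited, or turn the debug* switches off outside troubleshooting.
loginput=true
logstrange=true
logbroken=true
loginvalid=true
logforward=true
debugtcp=true
debugudp=true
debugicmp=true

## default hook order ##
# NOTE(review): "badips" is listed before "whitenets" and there is no
# separate hook for the IP whitelist; confirm that whitelisted sources are
# not dropped by an earlier hook before their accept rule is reached.
hooks=( base cast lan public badips whitenets scanips final )

## iptables invocation command ##
# -w makes iptables wait for the xtables lock instead of failing when
# another process is updating the rules at the same time.
iptables="iptables -w"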