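# vim: syntax=sh
#
# Firewall settings: interface names, LAN addressing, ipset parameters for the
# ban / white / scan sets, logging switches, hook order and the iptables
# command. The file contains only assignments and defines no functions.
# Each assignment sits on its own line: when the file is collapsed onto a
# single line, the leading '#' turns every setting into comment text and
# nothing is assigned.

## interfaces and local network ##
# NOTE(review): presumably eth0 is the LAN-facing interface and wan the
# internet-facing one; confirm against the rules that read them.
eth0=enp5s0
wan=enp1s0
# LAN subnet, the firewall's address inside it, and the subnet broadcast
# address.
locnet=192.168.1.0/24
lanip=192.168.1.1
lanbro=192.168.1.255

## badips.com ##
# NOTE(review): entries in this set come from a third-party feed. Confirm the
# feed is still served, and that the loader checks every entry is a
# well-formed address before adding it to the set; an empty or malformed
# download should not silently replace a populated set.
# ipset name
banset=badips
# set size, default 65536
badmaxelems=131072
# 0 - 5 , 0 will ban max
banlevel=0
# ban time in seconds, 1 week = 604800, 1 day = 86400
banttl=604800
# h,d,w,m,y
rangecheck=1h
# ssh,http... or any
banservice=any

## whitenets ##
# NOTE(review): "whitenets" precedes "badips" in the hook order below, so
# allow-listed networks are presumably matched before the ban set is
# consulted; keep this set narrow and restrict who can add to it.
# ipset name
whiteset=goodips
# set size, default 65536
whitemaxelems=65536
# default ttl
whitettl=172800

## scannets ##
# ipset name
scanset=scanips
# set size, default 65536
scanmaxelems=65536
# default ttl
scanttl=172800

## DEBUG ##
# Every logging and debug switch is enabled.
# NOTE(review): if each switch adds a LOG rule, an internet-facing interface
# can generate a very large log volume; consider rate limiting (for example
# the iptables "limit" match) or disabling the debug* switches outside of
# troubleshooting.
loginput=true
logforward=true
logbad=true
logscan=true
logcast=true
debugtcp=true
debugudp=true
debugicmp=true

## default hook order ##
# Array syntax: the file has to be sourced by bash (or another shell with
# arrays), not by a strict POSIX sh, despite the syntax=sh modeline.
hooks=(
  base
  lan
  whitenets
  forward
  badips
  white
  public
  scanips
  cast
  final
)

## iptables invocation command ##
# -w makes iptables wait for the xtables lock instead of failing when another
# instance holds it. The value is one string holding a command plus an option,
# so callers have to expand it unquoted for word splitting to separate them.
iptables="iptables -w"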