| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 |
- # vim: syntax=sh
- eth0=enp5s0
- wan=enp1s0
- locnet=192.168.1.0/24
- lanip=192.168.1.1
- lanbro=192.168.1.255
- ## badips.com ##
- # ipset name
- banset=badips
- # set size, default 65536
- badmaxelems=131072
- # 0 - 5 , 0 will ban max
- banlevel=0
- # ban time in seconds, 1 week = 604800, 1 day = 86400
- banttl=604800
- # h,d,w,m,y
- rangecheck=2h
- # ssh,http... or any
- banservice=any
- ## whitenets ##
- #ipset name
- whiteset=goodips
- # set size, default 65536
- whitemaxelems=65536
- # default ttl
- whitettl=172800
- ## scannets ##
- #ipset name
- scanset=scanips
- # set size, default 65536
- scanmaxelems=65536
- # default ttl
- scanttl=172800
- ## DEBUG ##
- loginput=true
- logforward=true
- logbad=true
- logscan=true
- logcast=true
- debugtcp=true
- debugudp=true
- debugicmp=true
- ## default hook order ##
- hooks=(
- base
- cast
- lan
- whitenets
- forward
- public
- badips
- white
- scanips
- final
- )
- ## iptables invocation command ##
- iptables="iptables -w"
|
