| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- # vim: syntax=sh
- eth0=enp5s0
- wan=enp1s0
- locnet=192.168.1.0/24
- lanip=192.168.1.1
- lanbro=192.168.1.255
- ## badips.com ##
- # ipset name
- banset=badips
- # set size, default 65536
- badmaxelems=131072
- # 0 - 5 , 0 will ban max
- banlevel=0
- # ban time in seconds, 1 week = 604800, 1 day = 86400
- banttl=604800
- # h,d,w,m,y
- rangecheck=1h
- # ssh,http... or any
- banservice=any
- ## whitenets ##
- #ipset name
- whiteset=goodips
- # set size, default 65536
- whitemaxelems=65536
- # default ttl
- whitettl=172800
- ## scannets ##
- #ipset name
- scanset=scanips
- # set size, default 65536
- scanmaxelems=65536
- # default ttl
- scanttl=172800
- ## DEBUG ##
- loginput=true
- logforward=true
- debugtcp=true
- debugudp=true
- debugicmp=true
- ## default hook order ##
- # hooks="set_defaults setup_whitenets setup_nat setup_forward setup_base setup_badips setup_white setup_public setup_scanips setup_cast setup_final"
- ## Default iptables invocation command ##
- #IPTABLESCMD="iptables -w"
|
