"Fossies" - the Fresh Open Source Software Archive

Member "aif-2.1.1/etc/arno-iptables-firewall/plugins/ids-protection.conf" (16 Sep 2020, 1609 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Generic config files source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "ids-protection.conf": 2.0.3_vs_2.1.0.

    1 # ------------------------------------------------------------------------------
    2 #          -= Arno's Iptables Firewall(AIF) - IDS Protection plugin =-
    3 # ------------------------------------------------------------------------------
    4 
    5 # To actually enable this plugin make ENABLED=1:
    6 # ------------------------------------------------------------------------------
    7 ENABLED=0
    8 
    9 # Interface(s) that should be protected by IDS. Default is all external interfaces
   10 # ------------------------------------------------------------------------------
   11 IDS_INTERFACE=""
   12 
   13 # Specify here the hosts you want to allow to bypass the IDS protection checks
   14 # ------------------------------------------------------------------------------
   15 IDS_TRUSTED_HOSTS=""
   16 
   17 # Specify here the TCP & UDP ports you like to exclude from IDS checking
   18 # ------------------------------------------------------------------------------
   19 IDS_EXCLUDE_TCP=""
   20 IDS_EXCLUDE_UDP=""
   21 
   22 # 1st set of maximum allowed connection attempts (default: 4 connections/60 seconds)
   23 # ------------------------------------------------------------------------------
   24 IDS_MAX_RATE1="4"
   25 IDS_MAX_TIME1="60"
   26 
   27 # 2nd set of maximum allowed connection attempts (default: 10 connections/1800 seconds)
   28 # ------------------------------------------------------------------------------
   29 IDS_MAX_RATE2="10"
   30 IDS_MAX_TIME2="1800"
   31 
   32 # (EXPERT SETTING!) If ip6tables '-m recent' IPv6 support is not available:
   33 # Disable (0) if the kernel module xt_recent is not available, only IPv4 will be used.
   34 # ------------------------------------------------------------------------------
   35 IDS_IPV6_ENABLE=1
   36