Mercurial > hg > maltfilter
comparison example.conf @ 69:b090ddfccdab
Cleanups. Improve IP/host definitions.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Wed, 26 Aug 2009 15:19:08 +0300 |
| parents | 42889eed0ce8 |
| children | 532169789f52 |
comparison
equal
deleted
inserted
replaced
| 68:bac5931b8312 | 69:b090ddfccdab |
|---|---|
| 20 | 20 |
| 21 ## IP addresses that should NOT be blocked under any circumstances. You should | 21 ## IP addresses that should NOT be blocked under any circumstances. You should |
| 22 ## set this if you wish to have a surefire open channel from some host, even in | 22 ## set this if you wish to have a surefire open channel from some host, even in |
| 23 ## the case someone tries to spoof IPs for denial of service. | 23 ## the case someone tries to spoof IPs for denial of service. |
| 24 ## | 24 ## |
| 25 ## NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names. | 25 ## NOTICE! This setting supports only IPv4 addresses and address ranges, no |
| 26 ## You can have any number of NOACTION_IPS settings. | 26 ## IPv6 or DNS names. You can have any number of NOACTION_IPS settings. |
| 27 #NOACTION_IPS = "192.121.86.15" | 27 #NOACTION_IPS = "192.121.86.15" |
| 28 #NOACTION_IPS = "74.125.45.100" | 28 #NOACTION_IPS = "74.125.45.100" |
| 29 | |
| 30 ## Also ranges defined via CIDR notation can be used: | |
| 31 #NOACTION_IPS = "213.129.224.0/19" | |
| 29 | 32 |
| 30 ## For how many hours to keep general information about IP. Affects from | 33 ## For how many hours to keep general information about IP. Affects from |
| 31 ## how long period statistics dump shows data. Also hitcount thresholds | 34 ## how long period statistics dump shows data. Also hitcount thresholds |
| 32 ## take the old data into account, meaning that if FILTER_MAX_AGE < GLOBAL_MAX_AGE | 35 ## take the old data into account, meaning that if FILTER_MAX_AGE < GLOBAL_MAX_AGE |
| 33 ## hit data older than FILTER_MAX_AGE will be counted towards THRESHOLD. | 36 ## hit data older than FILTER_MAX_AGE will be counted towards THRESHOLD. |
| 36 ## System passwd file location (default is /etc/passwd), this file | 39 ## System passwd file location (default is /etc/passwd), this file |
| 37 ## is checked to figure out system account names. See also SYSACCT_* | 40 ## is checked to figure out system account names. See also SYSACCT_* |
| 38 ## settings below. | 41 ## settings below. |
| 39 #PASSWD = "/etc/passwd" | 42 #PASSWD = "/etc/passwd" |
| 40 | 43 |
| 41 ## Set range of system account UIDs here, default is 1-100. | 44 ## Set range of system account UIDs here, default is 1-999. |
| 42 ## Root account is handled by CHK_ROOT_SSH_PWD check. | 45 ## Root account is handled by CHK_ROOT_SSH_PWD check. |
| 43 #SYSACCT_MIN_UID = 1 | 46 #SYSACCT_MIN_UID = 1 |
| 44 #SYSACCT_MAX_UID = 100 | 47 #SYSACCT_MAX_UID = 999 |
| 45 | 48 |
| 46 | 49 |
| 47 ############################################################################# | 50 ############################################################################# |
| 48 ### Netfilter actions | 51 ### Netfilter actions |
| 49 ############################################################################# | 52 ############################################################################# |