Mercurial > hg > maltfilter

comparison example.conf @ 65:d2e2b82dd2f2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Work on DroneBL support.
author Matti Hamalainen <ccr@tnsp.org>
date Tue, 18 Aug 2009 00:43:10 +0300
parents 8b33436dd18b
children 42889eed0ce8
comparison
equal deleted inserted replaced
64:213e5204abea 65:d2e2b82dd2f2
32 32
33 33
34 ############################################################################# 34 #############################################################################
35 ### Actions, etc. settings 35 ### Actions, etc. settings
36 ############################################################################# 36 #############################################################################
37 ## Weeding treshold in hours. Entries older than this will be removed 37 ## Weeding threshold in hours. Entries older than this will be removed
38 ## off from current netfilter settings (e.g. they become unblocked again.) 38 ## off from current netfilter settings. Also, entries older than this
39 #WEED_BLOCK = 168 39 ## will not be added to netfilter to begin with.
40 #WEED_FILTER = 168
40 41
41 ## For how many hours to keep general information about IP. Affects from 42 ## For how many hours to keep general information about IP. Affects from
42 ## how long period statistics dump shows data. Also hitcount tresholds 43 ## how long period statistics dump shows data. Also hitcount thresholds
43 ## take the old data into account, meaning that if WEED_BLOCK < WEED_GLOBAL 44 ## take the old data into account, meaning that if WEED_FILTER < WEED_GLOBAL
44 ## hit data older than WEED_BLOCK will be counted towards THRESHOLD. 45 ## hit data older than WEED_FILTER will be counted towards THRESHOLD.
45 #WEED_GLOBAL = 336 46 #WEED_GLOBAL = 336
46 47
47 ## How many "hits" the IP needs until it is eligible to be blocked. 48 ## How many "hits" the IP needs until it is eligible to be blocked.
48 ## (the "hits" can be from any "source", e.g. sshd crack, httpd, etc.) 49 ## (the "hits" can be from any "source", e.g. sshd crack, httpd, etc.)
49 #TRESHOLD = 3 50 #THRESHOLD = 3
50 51
51 ## Target iptables action for added entries, default is DROP, but you 52 ## Target iptables action for added entries, default is DROP, but you
52 ## can use whatever rule chain name you want to here. 53 ## can use whatever rule chain name you want to here.
53 #ACTION = "DROP" 54 #ACTION = "DROP"
54 55
172 ## files will have contents of the attempted XSS URI. *.hosts files 173 ## files will have contents of the attempted XSS URI. *.hosts files
173 ## list which hosts have attempted to exploit this specific URI. 174 ## list which hosts have attempted to exploit this specific URI.
174 175
175 #EVIDENCE = 0 176 #EVIDENCE = 0
176 #EVIDENCE_DIR = "/var/run/malt-evidence" 177 #EVIDENCE_DIR = "/var/run/malt-evidence"
178
179
180 #############################################################################
181 ### DroneBL submissions
182 #############################################################################
183 ## Maltfilter can automatically submit entries to DroneBL DNSBL service.
184 ## See <http://www.dronebl.org/> for more information.
185
186 ## 0 = submission disabled, otherwise enabled
187 DRONEBL = 0
188
189 ## Number of hits required before host IP goes to submission queue.
190 ## This setting is independent of the general THRESHOLD value and
191 ## only affects DroneBL submissions.
192 DRONEBL_THRESHOLD = 5
193
194 ## Maximum age of hits counted towards DroneBL submission threshold.
195 ## There is currently no weeding of submissions.
196 DRONEBL_MAX_AGE = 30
197
198 ## Your personal RPC key. This _MUST_ be set to a valid value, if you
199 ## have enabled submissions. To get a personal key, go to:
200 ## http://www.dronebl.org/rpckey_signup
201 DRONEBL_RPC_KEY = ""
202
203 ## RPC2 submission URI, usually you do not need to change this.
204 #DRONEBL_RPC_URI = "http://dronebl.org/RPC2"