Mercurial > hg > maltfilter
comparison example.conf @ 65:d2e2b82dd2f2
Work on DroneBL support.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 18 Aug 2009 00:43:10 +0300 |
parents | 8b33436dd18b |
children | 42889eed0ce8 |
comparison
equal
deleted
inserted
replaced
64:213e5204abea | 65:d2e2b82dd2f2 |
---|---|
32 | 32 |
33 | 33 |
34 ############################################################################# | 34 ############################################################################# |
35 ### Actions, etc. settings | 35 ### Actions, etc. settings |
36 ############################################################################# | 36 ############################################################################# |
37 ## Weeding treshold in hours. Entries older than this will be removed | 37 ## Weeding threshold in hours. Entries older than this will be removed |
38 ## off from current netfilter settings (e.g. they become unblocked again.) | 38 ## off from current netfilter settings. Also, entries older than this |
39 #WEED_BLOCK = 168 | 39 ## will not be added to netfilter to begin with. |
40 #WEED_FILTER = 168 | |
40 | 41 |
41 ## For how many hours to keep general information about IP. Affects from | 42 ## For how many hours to keep general information about IP. Affects from |
42 ## how long period statistics dump shows data. Also hitcount tresholds | 43 ## how long period statistics dump shows data. Also hitcount thresholds |
43 ## take the old data into account, meaning that if WEED_BLOCK < WEED_GLOBAL | 44 ## take the old data into account, meaning that if WEED_FILTER < WEED_GLOBAL |
44 ## hit data older than WEED_BLOCK will be counted towards THRESHOLD. | 45 ## hit data older than WEED_FILTER will be counted towards THRESHOLD. |
45 #WEED_GLOBAL = 336 | 46 #WEED_GLOBAL = 336 |
46 | 47 |
47 ## How many "hits" the IP needs until it is eligible to be blocked. | 48 ## How many "hits" the IP needs until it is eligible to be blocked. |
48 ## (the "hits" can be from any "source", e.g. sshd crack, httpd, etc.) | 49 ## (the "hits" can be from any "source", e.g. sshd crack, httpd, etc.) |
49 #TRESHOLD = 3 | 50 #THRESHOLD = 3 |
50 | 51 |
51 ## Target iptables action for added entries, default is DROP, but you | 52 ## Target iptables action for added entries, default is DROP, but you |
52 ## can use whatever rule chain name you want to here. | 53 ## can use whatever rule chain name you want to here. |
53 #ACTION = "DROP" | 54 #ACTION = "DROP" |
54 | 55 |
172 ## files will have contents of the attempted XSS URI. *.hosts files | 173 ## files will have contents of the attempted XSS URI. *.hosts files |
173 ## list which hosts have attempted to exploit this specific URI. | 174 ## list which hosts have attempted to exploit this specific URI. |
174 | 175 |
175 #EVIDENCE = 0 | 176 #EVIDENCE = 0 |
176 #EVIDENCE_DIR = "/var/run/malt-evidence" | 177 #EVIDENCE_DIR = "/var/run/malt-evidence" |
178 | |
179 | |
180 ############################################################################# | |
181 ### DroneBL submissions | |
182 ############################################################################# | |
183 ## Maltfilter can automatically submit entries to DroneBL DNSBL service. | |
184 ## See <http://www.dronebl.org/> for more information. | |
185 | |
186 ## 0 = submission disabled, otherwise enabled | |
187 DRONEBL = 0 | |
188 | |
189 ## Number of hits required before host IP goes to submission queue. | |
190 ## This setting is independent of the general THRESHOLD value and | |
191 ## only affects DroneBL submissions. | |
192 DRONEBL_THRESHOLD = 5 | |
193 | |
194 ## Maximum age of hits counted towards DroneBL submission threshold. | |
195 ## There is currently no weeding of submissions. | |
196 DRONEBL_MAX_AGE = 30 | |
197 | |
198 ## Your personal RPC key. This _MUST_ be set to a valid value, if you | |
199 ## have enabled submissions. To get a personal key, go to: | |
200 ## http://www.dronebl.org/rpckey_signup | |
201 DRONEBL_RPC_KEY = "" | |
202 | |
203 ## RPC2 submission URI, usually you do not need to change this. | |
204 #DRONEBL_RPC_URI = "http://dronebl.org/RPC2" |