1 # /etc/mbse-firewall/firewall.conf |
1 # /etc/mbse-firewall/firewall.conf |
2 |
2 |
3 # --------------------------------------------------------------------------- |
3 # --------------------------------------------------------------------------- |
4 # Copyright (C) 2013-2014 by Michiel Broek. |
4 # Copyright (C) 2013-2015 by Michiel Broek. |
5 # Homepage http://www.mbse.eu |
5 # Homepage http://www.mbse.eu |
6 # Email mbse At mbse dOt eu |
6 # Email mbse At mbse dOt eu |
7 # |
7 # |
8 # This file is part of mbse-firewall. |
8 # This file is part of mbse-firewall. |
9 # |
9 # |
46 # Enable automatic blacklisting of hosts that do any kind portscanning. |
46 # Enable automatic blacklisting of hosts that do any kind portscanning. |
47 # This is tested by any rules not matched on the external interface(s) INPUT |
47 # This is tested by any rules not matched on the external interface(s) INPUT |
48 # or FORWARD chain and is a repeated undefined port from the same IP. |
48 # or FORWARD chain and is a repeated undefined port from the same IP. |
49 # These hosts are blocked using ipset for one hour. |
49 # These hosts are blocked using ipset for one hour. |
50 #IF_EXT_AUTO_BLOCK="1" |
50 #IF_EXT_AUTO_BLOCK="1" |
|
51 |
|
52 # Use global blocking table. This just inserts rules to block hosts that |
|
53 # are found in the sets global-blk4 or global-blk6. Other programs like |
|
54 # ossec, fail2ban etc need to put the bad hosts in these tables. |
|
55 #IF_EXT_GLOBAL_BLOCK="1" |
51 |
56 |
52 # Block time in seconds when a host is blocked. Default is 3600. |
57 # Block time in seconds when a host is blocked. Default is 3600. |
53 #IF_EXT_AUTO_TO=172800 |
58 #IF_EXT_AUTO_TO=172800 |
54 |
59 |
55 # Average detect limit, default 5/hour |
60 # Average detect limit, default 5/hour |