Mercurial > syslog2iptables
comparison xml/syslog2iptables.in @ 27:28fec0c67646
make add/remove commands configureable
| author | carl |
|---|---|
| date | Sun, 12 Feb 2006 10:54:03 -0800 |
| parents | ec051169fdfd |
| children | e16a5fb390fa |
comparison
equal
deleted
inserted
replaced
| 26:00bd0b0ef015 | 27:28fec0c67646 |
|---|---|
| 170 </refsynopsisdiv> | 170 </refsynopsisdiv> |
| 171 | 171 |
| 172 <refsect1 id='description.5'> | 172 <refsect1 id='description.5'> |
| 173 <title>Description</title> | 173 <title>Description</title> |
| 174 <para>The <command>@PACKAGE@.conf</command> configuration file is | 174 <para>The <command>@PACKAGE@.conf</command> configuration file is |
| 175 specified by this partial bnf description.</para> | 175 specified by this partial bnf description. The entire config file |
| 176 is case sensitive. All the keywords are lower case. | |
| 177 </para> | |
| 176 | 178 |
| 177 <literallayout class="monospaced"><![CDATA[ | 179 <literallayout class="monospaced"><![CDATA[ |
| 178 CONFIG := {THRESHOLD | IGNORE | FILE}+ | 180 CONFIG := {THRESHOLD | ADD-CMD | REM-CMD | IGNORE | FILE}+ |
| 179 THRESHOLD := "threshold" THRESHOLD-INTEGER-VALUE ";" | 181 THRESHOLD := "threshold" THRESHOLD-INTEGER-VALUE ";" |
| 182 ADD-CMD := "add_command" IPT-CMD ";" | |
| 183 REM-CMD := "remove_command" IPT-CMD ";" | |
| 180 IGNORE := "ignore" "{" IG-SINGLE+ "};" | 184 IGNORE := "ignore" "{" IG-SINGLE+ "};" |
| 181 IG-SINGLE := IP-ADDRESS "/" CIDR-BITS ";" | 185 IG-SINGLE := IP-ADDRESS "/" CIDR-BITS ";" |
| 182 FILE := "file" FILENAME "{" PATTERN+ "};" | 186 FILE := "file" FILENAME "{" PATTERN+ "};" |
| 183 PATTERN := "pattern" REGULAR-EXPRESSION "{" {INDEX | BUCKET}+ "};" | 187 PATTERN := "pattern" REGULAR-EXPRESSION "{" {INDEX | BUCKET}+ "};" |
| 184 INDEX := "index" REGEX-INTEGER-VALUE ";" | 188 INDEX := "index" REGEX-INTEGER-VALUE ";" |
| 185 BUCKET := "bucket" BUCKET-ADD-INTEGER-VALUE ";"]]></literallayout> | 189 BUCKET := "bucket" BUCKET-ADD-INTEGER-VALUE ";"]]></literallayout> |
| 190 IPT-CMD := string containing exactly one %s replacement token for | |
| 191 the ip address | |
| 186 </refsect1> | 192 </refsect1> |
| 187 | 193 |
| 188 <refsect1 id='sample.5'> | 194 <refsect1 id='sample.5'> |
| 189 <title>Sample</title> | 195 <title>Sample</title> |
| 190 <literallayout class="monospaced"><![CDATA[ | 196 <literallayout class="monospaced"><![CDATA[ |
| 191 threshold 550; | 197 threshold 550; |
| 198 | |
| 199 add_command "/sbin/iptables -I INPUT --src %s --jump DROP"; | |
| 200 remove_command "/sbin/iptables -D INPUT --src %s --jump DROP"; | |
| 192 | 201 |
| 193 ignore { | 202 ignore { |
| 194 127.0.0.0/8; // localhost | 203 127.0.0.0/8; // localhost |
| 195 }; | 204 }; |
| 196 | 205 |