comparison xml/syslog2iptables.in @ 27:28fec0c67646
make add/remove commands configureable
author | carl |
---|---|
date | Sun, 12 Feb 2006 10:54:03 -0800 |
parents | ec051169fdfd |
children | e16a5fb390fa |
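--- a/xml/syslog2iptables.in
+++ b/xml/syslog2iptables.in
@@ -170,27 +170,36 @@
 </refsynopsisdiv>
 
 <refsect1 id='description.5'>
 <title>Description</title>
 <para>The <command>@PACKAGE@.conf</command> configuration file is
-specified by this partial bnf description.</para>
+specified by this partial bnf description. The entire config file
+is case sensitive. All the keywords are lower case.
+</para>
 
 <literallayout class="monospaced"><![CDATA[
-CONFIG := {THRESHOLD | IGNORE | FILE}+
+CONFIG := {THRESHOLD | ADD-CMD | REM-CMD | IGNORE | FILE}+
 THRESHOLD := "threshold" THRESHOLD-INTEGER-VALUE ";"
+ADD-CMD := "add_command" IPT-CMD ";"
+REM-CMD := "remove_command" IPT-CMD ";"
 IGNORE := "ignore" "{" IG-SINGLE+ "};"
 IG-SINGLE := IP-ADDRESS "/" CIDR-BITS ";"
 FILE := "file" FILENAME "{" PATTERN+ "};"
 PATTERN := "pattern" REGULAR-EXPRESSION "{" {INDEX | BUCKET}+ "};"
 INDEX := "index" REGEX-INTEGER-VALUE ";"
 BUCKET := "bucket" BUCKET-ADD-INTEGER-VALUE ";"]]></literallayout>
+IPT-CMD := string containing exactly one %s replacement token for
+the ip address
 </refsect1>
 
 <refsect1 id='sample.5'>
 <title>Sample</title>
 <literallayout class="monospaced"><![CDATA[
 threshold 550;
+
+add_command "/sbin/iptables -I INPUT --src %s --jump DROP";
+remove_command "/sbin/iptables -D INPUT --src %s --jump DROP";
 
 ignore {
 127.0.0.0/8; // localhost
 };
 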
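Review bot: The `IPT-CMD` production at new lines 190-191 is added after the `]]></literallayout>` that closes the grammar on the `BUCKET` line (189), so it falls outside the CDATA block and ends up as bare text directly inside `<refsect1>`. Move the closing `]]></literallayout>` from the end of the `BUCKET` line to the end of the `the ip address` line so the definition renders with the rest of the grammar. The description also says nothing about how the template is executed, which matters to anyone configuring `add_command`: going by the `pattern`/`index` productions the substituted value appears to come from a regex capture over log text, so the page should state whether the string is passed to a shell or split into arguments, and what happens when the template has zero or more than one `%s`. The sample section continues past the last line shown here, so the rest of the example config was not reviewed.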