diff xml/syslog2iptables.in @ 27:28fec0c67646

make add/remove commands configurable
author carl
date Sun, 12 Feb 2006 10:54:03 -0800
parents ec051169fdfd
children e16a5fb390fa
--- a/xml/syslog2iptables.in	Wed Feb 01 10:58:23 2006 -0800
+++ b/xml/syslog2iptables.in	Sun Feb 12 10:54:03 2006 -0800
@@ -172,17 +172,23 @@
         <refsect1 id='description.5'>
             <title>Description</title>
             <para>The <command>@PACKAGE@.conf</command> configuration file is
-            specified by this partial bnf description.</para>
+            specified by this partial bnf description. The entire config file
+            is case sensitive. All the keywords are lower case.
+            </para>
 
             <literallayout class="monospaced"><![CDATA[
-CONFIG    := {THRESHOLD | IGNORE | FILE}+
+CONFIG    := {THRESHOLD | ADD-CMD | REM-CMD | IGNORE | FILE}+
 THRESHOLD := "threshold" THRESHOLD-INTEGER-VALUE ";"
+ADD-CMD   := "add_command" IPT-CMD ";"
+REM-CMD   := "remove_command" IPT-CMD ";"
 IGNORE    := "ignore" "{" IG-SINGLE+ "};"
 IG-SINGLE := IP-ADDRESS "/" CIDR-BITS ";"
 FILE      := "file" FILENAME "{" PATTERN+ "};"
 PATTERN   := "pattern" REGULAR-EXPRESSION "{" {INDEX | BUCKET}+ "};"
 INDEX     := "index" REGEX-INTEGER-VALUE ";"
 BUCKET    := "bucket" BUCKET-ADD-INTEGER-VALUE ";"]]></literallayout>
+IPT-CMD   := string containing exactly one %s replacement token for
+             the ip address
         </refsect1>
 
         <refsect1 id='sample.5'>
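Review bot: The two added `IPT-CMD` lines sit after the `]]></literallayout>` that closes the `BUCKET` line, so they fall outside the CDATA section and the monospaced layout and end up as bare text directly inside `<refsect1>`. Move `]]></literallayout>` from the end of the `BUCKET` line to the end of the second `IPT-CMD` line so the definition renders with the rest of the grammar. The description also does not say how the string is executed once `%s` is substituted (through a shell or directly, and under which account), or whether the "exactly one %s" rule is enforced when the file is parsed. Because this setting turns `@PACKAGE@.conf` into a source of commands, which presumably run with the daemon's privileges, the page should state that and note that the file must be writable only by the administrator.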
@@ -190,6 +196,9 @@
             <literallayout class="monospaced"><![CDATA[
 threshold 550;
 
+add_command    "/sbin/iptables -I INPUT --src %s --jump DROP";
+remove_command "/sbin/iptables -D INPUT --src %s --jump DROP";
+
 ignore {
     127.0.0.0/8;        // localhost
 };