Mercurial > syslog2iptables
diff xml/syslog2iptables.in @ 27:28fec0c67646
make add/remove commands configurable
author | carl |
---|---|
date | Sun, 12 Feb 2006 10:54:03 -0800 |
parents | ec051169fdfd |
children | e16a5fb390fa |
--- a/xml/syslog2iptables.in Wed Feb 01 10:58:23 2006 -0800 +++ b/xml/syslog2iptables.in Sun Feb 12 10:54:03 2006 -0800 @@ -172,17 +172,23 @@ <refsect1 id='description.5'> <title>Description</title> <para>The <command>@PACKAGE@.conf</command> configuration file is - specified by this partial bnf description.</para> + specified by this partial bnf description. The entire config file + is case sensitive. All the keywords are lower case. + </para> <literallayout class="monospaced"><![CDATA[ -CONFIG := {THRESHOLD | IGNORE | FILE}+ +CONFIG := {THRESHOLD | ADD-CMD | REM-CMD | IGNORE | FILE}+ THRESHOLD := "threshold" THRESHOLD-INTEGER-VALUE ";" +ADD-CMD := "add_command" IPT-CMD ";" +REM-CMD := "remove_command" IPT-CMD ";" IGNORE := "ignore" "{" IG-SINGLE+ "};" IG-SINGLE := IP-ADDRESS "/" CIDR-BITS ";" FILE := "file" FILENAME "{" PATTERN+ "};" PATTERN := "pattern" REGULAR-EXPRESSION "{" {INDEX | BUCKET}+ "};" INDEX := "index" REGEX-INTEGER-VALUE ";" BUCKET := "bucket" BUCKET-ADD-INTEGER-VALUE ";"]]></literallayout> +IPT-CMD := string containing exactly one %s replacement token for + the ip address </refsect1> <refsect1 id='sample.5'> @@ -190,6 +196,9 @@ <literallayout class="monospaced"><![CDATA[ threshold 550; +add_command "/sbin/iptables -I INPUT --src %s --jump DROP"; +remove_command "/sbin/iptables -D INPUT --src %s --jump DROP"; + ignore { 127.0.0.0/8; // localhost };
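Review bot: In the first hunk (@@ -172,17 +172,23 @@) the two added `IPT-CMD := string containing exactly one %s replacement token for the ip address` lines come after the `]]></literallayout>` that ends the BUCKET line, so they fall outside the CDATA section and sit as bare text directly inside `<refsect1>`. They will not render as part of the monospaced grammar, and bare character data at that level is likely to fail DocBook validation. Move the closing `]]></literallayout>` down so it follows the IPT-CMD definition. Since the string ends up in a command line, the description should also say what happens when a configured string has zero or several `%s` tokens, or some other `%` conversion: the text says "exactly one" but not whether the file is rejected at load time.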
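Review bot: In the second hunk (@@ -190,6 +196,9 @@) the sample `add_command` and `remove_command` lines have no comment, unlike the `127.0.0.0/8; // localhost` entry right below them, and nothing tells the reader that `%s` is replaced by the offending ip address or that `remove_command` has to delete exactly the rule `add_command` inserts (here `-I INPUT` paired with `-D INPUT`, with the same `--src %s --jump DROP`). A short `//` comment on each line would cover both; if an administrator edits only one of the pair, the inserted rules are never removed. The sample also wraps the commands in double quotes, while the grammar in the first hunk defines IPT-CMD only as a "string"; the grammar should say whether the quotes are required.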