#!/usr/bin/env bash


# -------------
# --- Logging
# -------------

if $(ps -e f | grep -q -E "/usr/sbin/ulogd2?\s" 2>/dev/null) ; then 
   tag_log_prefix="--nflog-prefix"
   LOG_TARGET="NFLOG --nflog-group 12"
else 
   # - Log using the specified syslog level. 7 (debug) is a good choice 
   # - unless you specifically need something else. 
   # -
   log_level=debug
   LOG_TARGET="LOG --log-level $log_level"
   tag_log_prefix="--log-prefix"
fi

log_all=false

log_syn_flood=false
log_port_scanning=false
log_ssh_brute_force=false
log_fragments=false
log_mdns=false
log_mndp=false
log_new_not_sync=false
log_syn_with_suspicious_mss=false
log_invalid_packets=false
log_invalid_state=false
log_invalid_flags=false
log_spoofed=false
log_spoofed_out=false
log_private_network_out=false
log_to_lo=false
log_not_wanted=false
log_blocked=false
log_unprotected=false
log_forwarding_priv_ip=false
log_prohibited=false
log_voip=false
log_rejected=true

log_blocked_ip=false

log_ssh=false

# - logging messages
# -
log_prefix="[ IPv6 ]"


# ---
# - Log all traffic for givven ip address
# ---

# - You can also give hostname(s)
# -
# - Blank seoarated list of ips/hostnames
# -
log_ips=""