#!/usr/bin/env bash
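# -------------
# --- Logging
# -------------

# - Choose the netfilter log target for this host.
# -
# - If a ulogd / ulogd2 daemon shows up in the process list, packets are
# - logged through NFLOG (netlink group 12); otherwise through the kernel
# - LOG target.
# -
# - Sets:
# -    LOG_TARGET      target name plus its options, kept as one string
# -    tag_log_prefix  the prefix option that belongs to the chosen target
# -    log_level       (LOG branch only) syslog level passed to --log-level
# -
# - The pipeline is tested directly instead of through "$( ... )": the
# - substitution form would execute anything the pipeline printed.
# - The pattern ends in "([[:space:]]|$)" so that a daemon started without
# - arguments (command line ends right after the binary name) is detected
# - too; the grep process itself still does not match, because its own
# - command line continues with "?" after "ulogd2".
# -
# - NOTE(review): this only proves that a ulogd process exists, not that it
# - listens on NFLOG group 12. Without a listener on that group the NFLOG
# - entries go nowhere - confirm the group number against ulogd.conf.
if ps -e f | grep -q -E '/usr/sbin/ulogd2?([[:space:]]|$)' 2>/dev/null; then
   tag_log_prefix="--nflog-prefix"
   LOG_TARGET="NFLOG --nflog-group 12"
else
   # - Log using the specified syslog level. 7 (debug) is a good choice
   # - unless you specifically need something else.
   # -
   # - NOTE(review): make sure the local syslog configuration actually
   # - stores kernel messages of this priority.
   log_level=debug
   LOG_TARGET="LOG --log-level $log_level"
   tag_log_prefix="--log-prefix"
fi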
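# - Logging switches
# -
# - Each switch holds the string "true" or "false". The script that reads
# - them is not part of this file; the names suggest one switch per rule
# - group - confirm against the consumer.
# -
# - As shipped, only log_rejected is enabled. Every other category
# - (SYN flood, port scanning, SSH brute force, spoofing, invalid packets ...)
# - is switched off here, so enable the ones you need for detection.

# - Master switch (presumably overrides the individual ones - confirm).
log_all=false

# - Individual categories
log_syn_flood=false
log_port_scanning=false
log_ssh_brute_force=false
log_fragments=false
log_new_not_sync=false
log_syn_with_suspicious_mss=false
log_invalid_packets=false
log_invalid_state=false
log_invalid_flags=false
log_spoofed=false
log_spoofed_out=false
log_to_lo=false
log_not_wanted=false
log_blocked=false
log_unprotected=false
log_forwarding_priv_ip=false
log_prohibited=false
log_voip=false
log_rejected=true

log_ssh=false

# - logging messages
# -
# - NOTE(review): the LOG target truncates --log-prefix to 29 characters;
# - keep this short if the consumer appends a per-rule tag to it.
log_prefix="[ IPv6 ]"

# ---
# - Log all traffic for given ip address
# ---
# - Empty by default. The list format is not shown in this file
# - (presumably whitespace separated - confirm against the consumer).
log_ips=""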