config/guardian/guardian.conf

   1 # The machines IP address that is visable to the internet
   2 # If this is left undefined, then guardian will attempt to get the information
   3 # from ifconfig, as long as it has an interface to use. This would be useful
   4 # for people on ppp links, or dhcp machines, or if you are lazy :)
   5 # HostIpAddr
   6
   7 # Here we define the interface which we will use to guess the IP address, and
   8 # block incoming offending packets. This is the only option that is required
   9 # for guardian to run. If the rest are undefined, guardian will use the default.
  10 Interface       ppp0
  11
  12 # The last octet of the ip address, which gives us the gateway address.
  13 HostGatewayByte  1
  14
  15 # Guardian's log file
  16 LogFile         /var/log/guardian/guardian.log
  17
  18 # Snort's alert file. This can be the snort.alert file, or a syslog file
  19 # There might be some snort alerts that get logged to syslog which guardian
  20 # might not see..
  21 AlertFile       /var/log/snort/alert
  22
  23 # The list of ip addresses to ignore
  24 IgnoreFile      /var/ipfire/guardian.ignore
  25
  26 # This is a list of IP addresses on the current host, in case there is more
  27 # than one. If this file doesn't exist, then it will assume you want to run
  28 # with the default setup (machine's ip address, and broadcast/network).
  29 TargetFile      /var/ipfire/guardian.target
  30
  31 # The time in seconds to keep a host blocked. If undefined, it defaults to
  32 # 99999999, which basicly disables the feature.
  33 TimeLimit       86400