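# Firewall backend the bouncer drives. ${BACKEND} is a template placeholder
# and must be replaced with a concrete backend name before this file is
# loaded (NOTE(review): presumably substituted at install time; confirm).
mode: ${BACKEND}
# How often the bouncer refreshes its decisions from the API at api_url.
update_frequency: 10s

# Logging: written to a file under log_dir and rotated.
log_mode: file
log_dir: /var/log/
log_level: info
log_compression: true
# Rotation limits. NOTE(review): units are presumably MB for log_max_size
# and days for log_max_age; confirm against the bouncer documentation.
log_max_size: 100
log_max_backups: 3
log_max_age: 30

# Plain HTTP is acceptable only because this points at loopback. If the API
# lives on another host, switch to an https:// URL so the key and the
# decision stream are not exposed or alterable on the network.
api_url: http://127.0.0.1:8080/
# Secret credential. Once ${API_KEY} has been substituted, keep this file
# readable by the service account only and out of version control.
api_key: ${API_KEY}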
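## TLS Authentication
# Optional client-certificate settings, commented out by default.
# NOTE(review): presumably an alternative to api_key; confirm before
# enabling both. key_path holds a private key, so restrict its file
# permissions to the service account.
# cert_path: /etc/crowdsec/tls/cert.pem
# key_path: /etc/crowdsec/tls/key.pem
# ca_cert_path: /etc/crowdsec/tls/ca.crt
# Keep this false. Setting it to true disables verification of the API
# server certificate, so anyone able to intercept the connection could
# feed or suppress ban decisions.
insecure_skip_verify: false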
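# IPv6 handling stays on; disabling it would leave IPv6 sources unfiltered.
disable_ipv6: false
# DROP discards matching packets without sending a reply.
deny_action: DROP
# Logging of denied packets is off by default.
deny_log: false
# Only decisions of these types are applied by the bouncer.
supported_decisions_types:
  - ban
# to change log prefix
# deny_log_prefix: "crowdsec: "
# to change the blacklists name
blacklists_ipv4: crowdsec-blacklists
blacklists_ipv6: crowdsec6-blacklists
# type of ipset to use
ipset_type: nethash
# if present, insert rule in those chains
# Only INPUT is enabled. Forwarded traffic, including traffic routed to
# Docker-published ports, does not traverse INPUT, so bans will not cover
# it unless FORWARD or DOCKER-USER is enabled below.
iptables_chains:
  - INPUT
#  - FORWARD
#  - DOCKER-USER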
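## nftables
# One table/chain pair per address family. The per-family keys are nested
# under ipv4/ipv6; written flat they would collide as duplicate keys.
nftables:
  ipv4:
    enabled: true
    # NOTE(review): presumably true means the bouncer only maintains the
    # set and leaves table/chain/rules to the administrator; confirm.
    set-only: false
    table: crowdsec
    chain: crowdsec-chain
    # Hook priority. Lower values run earlier, so -10 is evaluated before
    # chains registered at the standard filter priority of 0.
    priority: -10
  ipv6:
    enabled: true
    set-only: false
    table: crowdsec6
    chain: crowdsec6-chain
    priority: -10

# Hooks the bouncer chains are attached to. Both input and forward are
# listed, so locally delivered and forwarded traffic are both covered.
nftables_hooks:
  - input
  - forward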
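# packet filter
pf:
  # an empty string disables the anchor
  anchor_name: ""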
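# Metrics endpoint, off by default and bound to loopback. This file shows
# no authentication settings for it, so if it is enabled keep it on
# 127.0.0.1 or expose it only through an authenticated proxy.
prometheus:
  enabled: false
  listen_addr: 127.0.0.1
  listen_port: 60601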