######################################################################
# floodmon.conf
#
# Floodmon configuration file
# This file must be copied to your '/etc/' directory
#
# If you make changes to this file while floodmon is running,
# run `floodmon --reload` so that the daemon will reload it.
######################################################################
######################################################################
# Network interface. It is only used to capture SYN packets
# and to set up rp_filter (reverse-path filtering).
# Example : 'eth0', 'venet0'...
# NOTE(review): this should name the interface that receives the traffic
# to be monitored; the effect of a wrong or missing interface name is not
# described here - confirm in the documentation.
INTERFACE = 'eth0'
######################################################################
# Connection tracking table : if you are not using it, set
# this value to '1' (see documentation for more info).
# NOTE(review): presumably the CONNTRACK_* values at the end of this file
# only matter while this is '0' - confirm in the documentation.
# Default value : 0
NO_CONNTRACK = '0'
######################################################################
# Send an alert by email to the admin.
# Accepted values : 0, 2, 3 and 4
# 0 == no alert
# 2 == send an email when alert level 2 is reached
# 3 == send an email when alert level 3 is reached
# 4 == send an email when alert level 4 is reached
# '1' is not in the list of accepted values.
# Setting '0' disables email alerts entirely; make sure another alert
# channel (e.g. SMS_ALERT) or log monitoring is in place in that case.
# Default value : '2'
EMAIL_ALERT = '2'
# Email alert frequency (in minutes).
# During an attack, you will not receive more than one email
# every [EMAIL_ALERT_FREQ] minutes.
# Default value : '30'
EMAIL_ALERT_FREQ = '30'
# Admin email address to which alerts and reports are sent.
# Replace the address below with your own before deploying: alerts and,
# when DUMP_SYNPACKETS is not '0', the attached packet captures go to
# whatever address is set here.
ADMIN_EMAIL = 'thiago.laurito@gmail.com'
# Floodmon can attach to its email alert a capture of the last
# SYN packets received. The file uses the 'pcap' format and can
# be opened and read with a network analyzer like Wireshark
# (http://www.wireshark.org).
# Values : 0 == don't send anything (deactivated)
# 1 to 99 == number of packets to capture
# The capture holds the source addresses of the received packets and
# leaves the host as an email attachment to ADMIN_EMAIL; set this to '0'
# if that data must not be sent by email.
# Default value : '25'
DUMP_SYNPACKETS = '25'
######################################################################
# Send an SMS alert to the admin.
# You must be using a service (VOIP etc) that allows you to send
# SMS from a simple URL (HTTP or HTTPS).
# The whole URL + its parameters should be included.
# Don't use any reserved/accented chars and replace all spaces
# between words with the '+' sign.
# Example with voipbuster.com service :
# SMS_ALERT = 'https://myaccount.voipbuster.com/clx/sendsms.php?username=USERNAME&password=PASSWD&from=SENDER&to=PHONENUMBER&text=SYN+flood+alert+on+mydomain.com'
#
# Security notes :
# - As in the example above, the URL usually carries the SMS account's
#   username and password. Once it is set, keep this file readable by
#   root only (for example: chmod 600 /etc/floodmon.conf).
# - Prefer an https:// URL; over plain http:// the credentials travel
#   unencrypted.
# - Credentials placed in a URL can also end up in the provider's
#   request logs; if the provider offers it, use a dedicated account or
#   token that can only send SMS.
#
# You can test if everything is working well with the command :
# `floodmon --sms-test`
#
# An empty value, as below, leaves the SMS URL unset.
SMS_ALERT = ''
# SMS alert frequency (in hours).
# During an attack, you will not receive more than one SMS
# every [SMS_ALERT_FREQ] hours.
# Default value : '24'
SMS_ALERT_FREQ = '24'
######################################################################
# Null-routed IPs flush frequency (minutes).
# By default, IPs are unblocked after 10 minutes.
# A longer delay also keeps wrongly blocked addresses (for example
# spoofed sources of a SYN flood) unreachable for longer.
FLUSH_FREQ = '10'
# Network mask used to nullroute IPs :
# Accepted values : 8, 16 or 24
# 8 == 0.xxx.xxx.xxx
# 16 == 0.0.xxx.xxx
# 24 == 0.0.0.xxx
# NOTE(review): 'xxx' presumably marks the octets covered by the null
# route, so a smaller mask blocks a larger range: 8 covers about 16.7
# million addresses, 16 covers 65536 and 24 covers 256 - confirm in the
# documentation.
# Source addresses in a SYN flood are often spoofed, so a wide mask can
# also cut off legitimate clients that share the blocked range.
# Default value : '16'
NETMASK = '16'
######################################################################
# Log file verbosity (/var/log/floodmon.log).
# Values : 1 == log daemon start/stop and errors only.
# 2 == same as above + alert levels, number of SYN received
# and nullrouted IPs etc.
# Default value : '2'
# Warning : during a large scale attack, you are advised to set
# this variable to '1' to avoid flooding the logfile.
# Trade-off : at level '1' the alert levels, SYN counts and null-routed
# IPs are not written to the log, so there is less to review after the
# attack. Keeping level '2' with log rotation and enough disk space is
# an alternative where that record matters.
LOG_LEVEL = '2'
######################################################################
#
# /!\ IMPORTANT /!\
#
# DO NOT ACTIVATE/MODIFY ANY OF THE FOLLOWING VALUES WITHOUT HAVING
# READ THE FULL DOCUMENTATION :
# => http://floodmon.sourceforge.net/ <=
#
######################################################################
# To activate a variable, uncomment the corresponding line by
# removing the '#' sign.
# All values should be integers only, except 'LOOP_DELAY' which can
# accept '.' for milliseconds.
# The 4 values represent all 4 alert levels and should always be
# space-separated.
# eg. : VARIABLE = 'level_1 level_2 level_3 level_4'
######################################################################
# Each line below holds four space-separated values, one per alert level
# (level 1 first, level 4 last).
# NOTE(review): every line in this copy is already active (none of them
# is commented out).
# NOTE(review): the meaning of each key is not described in this file.
# Several names resemble Linux kernel tunables (for example
# SYN_COOKIES ~ net.ipv4.tcp_syncookies, MAX_SYN_QUEUE ~
# net.ipv4.tcp_max_syn_backlog, SOMAXCONN ~ net.core.somaxconn,
# MAX_SYNACK_RETRY ~ net.ipv4.tcp_synack_retries) - confirm the mapping
# in the documentation before changing any value.
MAX_SYN = '350 500 1000 2000'
# Here: '0' at alert level 1, '1' at levels 2 to 4.
SYN_COOKIES = '0 1 1 1'
MAX_SYN_QUEUE = '10000 20000 100000 200000'
SOMAXCONN = '10000 20000 40000 65000'
# Decreases as the alert level rises, down to '0' at level 4.
# NOTE(review): if this is the SYN-ACK retransmission count, '0' may also
# drop legitimate clients on lossy links - verify.
MAX_SYNACK_RETRY = '3 2 1 0'
# The only key whose values may contain a '.'.
LOOP_DELAY = '15 1.5 1 0.5'
NULLROUTE_SUBNET = '0 100 200 300'
# NOTE(review): the CONNTRACK_* keys presumably apply only while
# NO_CONNTRACK is '0' - confirm.
CONNTRACK_TIMEOUT = '60 21 9 3'
CONNTRACK_MAX = '65536 65536 131072 131072'
CONNTRACK_HASHSIZE = '16384 65536 65536 131072'
BEST_EFFORT = '0 1 1 1'
######################################################################