40 lines
870 B
YAML
40 lines
870 B
YAML
# Config file for nft-blackhole in yaml
|
|
|
|
|
|
# IP versions supported: 'on' or 'off', default 'off'
|
|
IP_VERSIONS:
|
|
v4: on
|
|
v6: on
|
|
|
|
# Default chain policy
|
|
DEFAULT_POLICY: accept
|
|
|
|
# Block policy: 'drop' or 'reject', default: 'drop'
|
|
BLOCK_POLICY: drop
|
|
|
|
# Input interface name
|
|
IIFNAME: eth0
|
|
|
|
# Whitelist: IP or Network adresses
|
|
WHITELIST:
|
|
v4:
|
|
- 127.0.0.1
|
|
- 192.168.0.1/24
|
|
v6:
|
|
- '2a02:8060::/31'
|
|
|
|
|
|
# Blacklist: URLs to IP or Network adresses
|
|
# For example, with: https://iplists.firehol.org/
|
|
BLACKLIST:
|
|
v4:
|
|
- https://iplists.firehol.org/files/bi_any_0_1d.ipset
|
|
- https://iplists.firehol.org/files/haley_ssh.ipset
|
|
- https://iplists.firehol.org/files/firehol_level2.netset
|
|
v6:
|
|
|
|
|
|
# Country list: two letter country codes defined in ISO 3166-1
|
|
# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
|
|
COUNTRY_LIST:
|
|
- cn
|