69 lines
2.1 KiB
Groff
69 lines
2.1 KiB
Groff
.\" $NetBSD: ipmon.5,v 1.4 2012/02/15 17:55:08 riz Exp $
|
|
.\"
|
|
.TH IPMON 5
|
|
.SH NAME
|
|
ipmon, ipmon.conf \- ipmon configuration file format
|
|
.SH DESCRIPTION
|
|
The format for files accepted by ipmon is described by the following grammar:
|
|
.LP
|
|
.nf
|
|
"match" "{" matchlist "}" "do" "{" doing "}" ";"
|
|
|
|
matchlist ::= matching [ "," matching ] .
|
|
matching ::= direction | dstip | dstport | every | group | interface |
|
|
logtag | nattag | protocol | result | rule | srcip | srcport .
|
|
|
|
dolist ::= doing [ "," doing ] .
|
|
doing ::= execute | save | syslog .
|
|
|
|
direction ::= "in" | "out" .
|
|
dstip ::= "dstip" "=" ipv4 "/" number .
|
|
dstport ::= "dstport" "=" number .
|
|
every ::= "every" every-options .
|
|
execute ::= "execute" "=" string .
|
|
group ::= "group" "=" string | "group" "=" number .
|
|
interface ::= "interface" "=" string .
|
|
logtag ::= "logtag" "=" string | "logtag" "=" number .
|
|
nattag ::= "nattag" "=" string .
|
|
protocol ::= "protocol" "=" string | "protocol" "=" number .
|
|
result ::= "result" "=" result-option .
|
|
rule ::= "rule" "=" number .
|
|
srcip ::= "srcip" "=" ipv4 "/" number .
|
|
srcport ::= "srcport" "=" number .
|
|
type ::= "type" "=" ipftype .
|
|
ipv4 ::= number "." number "." number "." number .
|
|
|
|
every-options ::= "second" | number "seconds" | "packet" | number "packets" .
|
|
result-option ::= "pass" | "block" | "short" | "nomatch" | "log" .
|
|
ipftype ::= "ipf" | "nat" | "state" .
|
|
|
|
.fi
|
|
.PP
|
|
In addition, lines that start with a # are considered to be comments.
|
|
.SH OVERVIEW
|
|
.PP
|
|
The ipmon configuration file is used for defining rules to be executed when
|
|
logging records are read from
|
|
.B /dev/ipl.
|
|
.PP
|
|
At present, only IPv4 matching is available for source/destination address
|
|
matching.
|
|
.SH MATCHING
|
|
.PP
|
|
Each rule for ipmon consists of two primary segments: the first describes how
|
|
the log record is to be matched, the second defines what action to take if
|
|
there is a positive match. All entries of the rules present in the file are
|
|
compared for matches - there is no first or last rule match.
|
|
.SH FILES
|
|
/dev/ipl
|
|
.br
|
|
/dev/ipf
|
|
.br
|
|
/dev/ipnat
|
|
.br
|
|
/dev/ipstate
|
|
.br
|
|
/etc/ipmon.conf
|
|
.SH SEE ALSO
|
|
ipmon(8), ipl(4)
|