Please decrease this value if you are using sampled capture protocols How many packets will be collected from attack’s traffic. Works only for mirror and sFlow modesĬollect simple attack dumps which include information from attack’s sample. This option enables pcap collection for attack’s traffic dump. How long we should flow spec keep rule in announces. We will try to withdraw flow spec rule when blocking time expires Use only if you have BGP Flowspec capable routers If the attack is still active, check each run of the unblock watchdogĪnnounce flow spec rules to block only melicious traffic. Zero value is prohibited here.Ĭheck if the attack is still active, before triggering an unblock callback with this option. How long we should keep an IP in blocked state. We will try to unban blocked IPs after this time expires Saves list of blocked hosts on shutdown and restores it on startupĬompletely enable or disable all ban actions for IPv6 traffic It’s mandatory for fcli and public web APIĬompletely enable or disable all ban actionsĬompletely enable or disable all ban for total traffic per hostgroupĮnable blocking for remote hosts in outgoing directionĮnable blocking for remote hosts in incoming directionĬompletely disables ban for incoming trafficĬompletely disables ban for outgoing traffic But it can use information from IP header when you enable this optionĮnable internal FastNetMon API. Algorithm to spread load over threadsĮnables strict CPU affinity and binds traffic capture threads to fixed logical CPUsĪf_packet_read_packet_length_from_ip_headerīy default, FastNetMon reads packet length from the wire. Enable capture from mirror port using AF_PACKET capture engineĮnables sampling for mirror mode offloaded on kernel / driver levelĮnables capture socket performance statisticsĭisables multi thread processing and handles all traffic using single threadįanout mode.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |