# sshdfilter config, V1.4
# Config parser is simple, so don't try anything fancy.

# Minimum interval (seconds) between checks of the block list for stale
# entries, which are then removed from the list and from iptables. Put
# another way, this limits how often sshdfilter checks the IP block list
# for blocks that have exceeded the maxblocktime value. So the default of
# 2 hours means: at intervals at least 2 hours apart, check all the IPs on
# the block list and see if any have timed out. Simply put, it should be a
# fraction of maxblocktime, say 0.05 of it.
repurgetime=7200

# How long (seconds) after the last activity from an IP before it can be
# removed from the iptables block list.
maxblocktime=3600*24*3

# How many failed password guesses for an existing user before the IP goes
# on the blocked list. The value here is twice what it should be because,
# with -e -D, sshd tends to log each failure and success twice.
maxchances=6

# Options to pass to iptables, such as interface and/or port number (the
# commented-out line below shows the rule restricted to eth1).
# Note that some options must be given in the right order to be accepted
# by the iptables parser.
# This replaces the 'interface' option found in sshdfilter <=1.4.2
iptablesoptions="--dport 22 -j DROP"
#iptablesoptions="--dport 22 -i eth1 -j DROP"

# Name of the iptables chain where sshdfilter will store its rules. If you
# want to run multiple isolated instances of sshdfilter then you will need
# to change this, change your iptables setup, and use the SSHFILTERRC
# environment variable (see INSTALL).
chain="SSHD"

# Email any block events. This command line is run with further details of
# the event on stdin. Note that perl executes this line, with $ip and
# $event substituted into it, so be careful with quoting and escaping.
# Turning on the debug option might be a good idea while testing it, as
# would logging debug-level syslog events (that's /etc/syslog.conf).
#mail="mail -s \"sshdfilter event for $ip, $event\" greg\@abatis.flint"

# Convert any IPv6 addresses to IPv4; this is necessary for iptables, as
# only ip6tables knows about IPv6. Setting this option to 0 also makes
# sshdfilter call ip6tables instead of iptables, so you should generally
# leave it set to 1.
ip6toip4=1

# Path to the sshd binary.
sshdpath="/usr/sbin/sshd"

# Debug output: any non-zero value turns on debugging.
debug=0

