// HBPConfiguration.h
// pf-blocker — Objective-C replacement for the OpenBSD homemade block scripts.
//
// Edit the values in +defaultConfiguration to match your environment before
// building, or allocate an HBPConfiguration and set the properties at runtime.
#import <Foundation/Foundation.h>
NS_ASSUME_NONNULL_BEGIN
/// Settings object for pf-blocker: remote syslog destination, block lifetime,
/// file paths, pf table name, and scan thresholds.
///
/// Every object property is declared nonnull (NS_ASSUME_NONNULL region) and
/// readwrite. NOTE(review): this header does not show whether -init fills in
/// values, so an instance created with alloc/init instead of
/// +defaultConfiguration may still carry nil values — confirm in the
/// implementation.
@interface HBPConfiguration : NSObject
// ---------------------------------------------------------------------------
// Remote syslog settings
// ---------------------------------------------------------------------------
/// Hostname or IP address of the remote syslog server.
/// Syslog over UDP has no authentication, encryption or delivery guarantee,
/// so block events sent this way can be lost or read in transit; treat the
/// remote log as best-effort evidence rather than the authoritative record.
@property (nonatomic, copy) NSString *syslogHost;
/// UDP port of the remote syslog server (standard is 514).
/// Stored as a string; nothing in this header restricts it to a numeric port
/// in 1–65535, so consumers should validate it before use.
@property (nonatomic, copy) NSString *syslogPort;
// ---------------------------------------------------------------------------
// Block-expiry settings
// ---------------------------------------------------------------------------
/// Number of hours a block stays in effect before expireBlocks removes it.
/// The type is signed, so zero and negative values are representable.
/// NOTE(review): how expireBlocks treats a non-positive value is not visible
/// here — confirm it cannot silently expire every block.
@property (nonatomic, assign) NSInteger blockHours;
// ---------------------------------------------------------------------------
// File paths
// ---------------------------------------------------------------------------
/// pf block table text file — loaded into pf with pfctl.
/// Its contents decide which addresses pf blocks. NOTE(review): this file and
/// ledgerFile should be writable only by the account that runs pf-blocker;
/// anyone able to edit them can add or remove firewall blocks.
@property (nonatomic, copy) NSString *blockFile;
/// Ledger file — one "IP EPOCH" line per blocked address.
/// NOTE(review): the parser is not shown here; confirm malformed lines are
/// rejected rather than passed on.
@property (nonatomic, copy) NSString *ledgerFile;
/// OpenBSD authentication log file.
/// Parts of an authentication log are chosen by remote clients (for example
/// the user names they attempt). NOTE(review): confirm the scanner extracts
/// addresses with strict IP parsing before they reach blockFile or pfctl.
@property (nonatomic, copy) NSString *authlogFile;
// ---------------------------------------------------------------------------
// Firewall settings
// ---------------------------------------------------------------------------
/// Name of the pf table that holds the block list.
/// NOTE(review): if this value ends up on a pfctl command line, confirm it is
/// passed as a discrete argument and not spliced into a shell string.
@property (nonatomic, copy) NSString *pfTableName;
// ---------------------------------------------------------------------------
// Scanning settings
// ---------------------------------------------------------------------------
/// How many lines to read from the tail of authlog each run.
/// Lines above this tail are not read by a run, so the value bounds what a
/// single run can detect. Signed type; NOTE(review): handling of zero or
/// negative values is not shown here.
@property (nonatomic, assign) NSInteger authlogTailLines;
/// IP address to never block (your trusted management address).
/// Replace "www.xxx.yyy.zzz" with your real IP before deploying.
/// Holds a single address only. While the placeholder is in place no real
/// address matches it, so presumably the management host is not exempt and
/// could be locked out by its own failed logins.
/// NOTE(review): the comparison used against this value is not visible here —
/// confirm it tolerates equivalent spellings of the same address.
@property (nonatomic, copy) NSString *whitelistIP;
// ---------------------------------------------------------------------------
// Web-violation scanning settings
// ---------------------------------------------------------------------------
/// Number of times an IP must appear in the web-violation log within
/// webViolationWindowHours before it is blocked.
/// Signed type; NOTE(review): confirm a zero or negative threshold cannot
/// cause every logged address to be blocked.
@property (nonatomic, assign) NSInteger webViolationThreshold;
/// Rolling window (in hours) used when counting web violations.
@property (nonatomic, assign) NSInteger webViolationWindowHours;
// ---------------------------------------------------------------------------
// Factory
// ---------------------------------------------------------------------------
/// Returns a configuration pre-filled with the same defaults that the
/// shell scripts used. Edit these values to match your site.
/// Per the whitelistIP comment, the defaults include a placeholder that must
/// be replaced before deployment.
+ (instancetype)defaultConfiguration;
// ---------------------------------------------------------------------------
// Validation
// ---------------------------------------------------------------------------
/// Emit NSLog warnings for any settings that still contain placeholder values.
/// Call this once at program startup before performing any blocking actions.
/// Returns nothing, so the caller cannot tell whether a placeholder was found;
/// the check is advisory only. NOTE(review): consider refusing to change pf
/// state while whitelistIP is still a placeholder.
- (void)warnAboutPlaceholders;
@end
NS_ASSUME_NONNULL_END