-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathHBPConfiguration.m
More file actions
65 lines (52 loc) · 2.82 KB
/
HBPConfiguration.m
File metadata and controls
65 lines (52 loc) · 2.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
// HBPConfiguration.m
#import "HBPConfiguration.h"
@implementation HBPConfiguration
+ (instancetype)defaultConfiguration {
HBPConfiguration *config = [[HBPConfiguration alloc] init];
// -----------------------------------------------------------------------
// Remote syslog — change these before deploying.
// -----------------------------------------------------------------------
config.syslogHost = @"your.syslog.host";
config.syslogPort = @"514";
// -----------------------------------------------------------------------
// Block expiry
// -----------------------------------------------------------------------
config.blockHours = 24;
// -----------------------------------------------------------------------
// File paths — these match the paths used by the companion shell scripts.
// -----------------------------------------------------------------------
config.blockFile = @"/etc/pf/blocks/arbitraryBlocks.txt";
config.ledgerFile = @"/etc/pf/blocks/blockLedger.txt";
config.authlogFile = @"/var/log/authlog";
// -----------------------------------------------------------------------
// Firewall table name — must match the table defined in /etc/pf.conf.
// -----------------------------------------------------------------------
config.pfTableName = @"arbitraryblocks";
// -----------------------------------------------------------------------
// Scanning behaviour
// -----------------------------------------------------------------------
config.authlogTailLines = 500;
// Replace this placeholder with the IP you never want to block (e.g. your
// own management address). Matching lines are skipped entirely.
config.whitelistIP = @"www.xxx.yyy.zzz";
// -----------------------------------------------------------------------
// Web-violation scanning
// -----------------------------------------------------------------------
config.webViolationThreshold = 10; // violations before blocking
config.webViolationWindowHours = 1; // rolling window in hours
return config;
}
- (void)warnAboutPlaceholders {
if ([_syslogHost isEqualToString:@"your.syslog.host"]) {
NSLog(@"pf-blocker: WARNING: syslogHost is still set to the placeholder "
@"'your.syslog.host'. Remote syslog logging will fail. "
@"Edit HBPConfiguration.m and rebuild.");
}
if ([_whitelistIP isEqualToString:@"www.xxx.yyy.zzz"]) {
NSLog(@"pf-blocker: WARNING: whitelistIP is still set to the placeholder "
@"'www.xxx.yyy.zzz'. No address is currently protected from being "
@"blocked. Replace it with your management IP in HBPConfiguration.m "
@"and rebuild to avoid accidentally locking yourself out.");
}
}
@end