-
Notifications
You must be signed in to change notification settings - Fork 0
/
flowd.conf
51 lines (43 loc) · 1.43 KB
/
flowd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# $Id$
# Specify where flowd should store its flow records
logfile "/var/log/flowd"
# Specify what addresses/ports flowd should listen on.
# Multiple addresses may be specified
listen on 127.0.0.1:12345
listen on [::1]:12345
#listen on 0.0.0.0:12345
#listen on [::]:12345
# Select which hosts we trust to send us flows (leave blank to trust any)
# May be specified multiple times to allow more than one host/network
flow source 127.0.0.1
#flow source 10.0.0.0/8
# Specify multicast groups to join (default: none)
# IPv6 addresses may be specified with or without interface scope
#join group 224.0.1.20
#join group ff02::114%em0
# Specify which flow records are recorded in the log. Multiple options may be
# specified.
store ALL
#store PROTO_FLAGS_TOS
#store AGENT_ADDR
#store SRC_ADDR
#store DST_ADDR
#store SRCDST_PORT
#store PACKETS
#store OCTETS
#store CRC32
# Flow filtering rules
discard all
accept agent 127.0.0.1
# Example of some local variables
#internal_traffic = "1"
#somehost = "88.88.88.88"
#business_hours_traffic = "2"
# Example of a filter policy using local variables
#discard agent 1.1.1.0/24
#discard agent 1.1.1.0/24 proto tcp
#accept tag $internal_traffic src 2.2.2.0/25 port 666 dst 33.33.0.0/16 port 888
#accept tag 3 src 3.3.3.0/25 port 111 dst 44.44.55.0/16 port 222 proto tcp
#discard agent $somehost tos 0x80
#discard proto tcp tcp_flags mask 0x04 !equal 0x04
#accept tag $business_hours_traffic after 08:30:0 before 17:30:00