forked from intersvyaz/zerod
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathzerod.conf.dist.in
198 lines (171 loc) · 4.82 KB
/
zerod.conf.dist.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
// Interfaces list.
// Property "lan" defines LAN interface name.
// Property "wan" defines WAN interface name.
// Property "affinity" defines initial thread affinity for ring threads.
interfaces = (
{ lan = "eth0", wan = "eth1", affinity = 0 }
);
// Pause time before start operating on interfaces (in seconds).
// Sometimes after enabling interface it's need time for initialization.
// Default: 5
iface_wait_time = 5;
// Overlord threads to spawn.
// Overlord thread controls authentication and accounting of client sessions.
// If you specify more than 1 thread, then session pool will be divided between all overlords.
// Value must be even and not bigger than 16.
// Default: 4
overlord_threads = 4;
// Default client rules.
// Rules applied on client creation.
default_client_rules = (
"p2p_policy.1",
"bw.40960Kbit.down",
"bw.20480Kbit.up"
);
// Initial size of client bucket (in bytes).
// Default: 15M
initial_client_bucket_size = "15M";
// Subnets dedicated to clients.
client_net = (
"5.79.128.0/17",
"5.206.0.0/17",
"31.207.128.0/17",
"37.140.0.0/17",
"88.206.0.0/17",
"109.191.0.0/16",
"172.24.0.0/13",
"176.226.128.0/17"
);
// Subnets dedicated to all home network.
home_net = (
// AS8369 prefixes
"5.79.128.0/17",
"5.206.0.0/17",
"31.207.128.0/17",
"37.140.0.0/17",
"77.222.96.0/19",
"78.29.0.0/18",
"80.255.80.0/20",
"83.142.160.0/21",
"88.206.0.0/17",
"94.24.128.0/17",
"109.191.0.0/16",
"176.226.128.0/17",
"185.12.228.0/22",
// local
"10.0.0.0/8",
"172.24.0.0/13",
"192.168.0.0/16"
);
// Exceptions from home network.
// For this subnets does not apply port rules and bandwidth limits.
home_net_exclude = (
"78.29.2.21/32",
"78.29.2.22/32",
"78.29.2.23/32",
"78.29.2.24/32"
);
// Path to radius configuration file.
// Default : /etc/radiusclient/radiusclient.conf
radius_config_file = "/etc/radiusclient/radiusclient.conf";
// Radius NAS identifier.
radius_nas_identifier = "zero";
// Default session DHCP lease time in seconds.
// If ARP inspection is enabled: after this time session will be purged, if were no lease renew.
// Else: this will be inactivity time before purging this session.
// Default: 1800 (30 min)
dhcp_default_lease_time = 1800;
// Maximum session duration.
// After this period session will be deleted.
// Use zero to disable this feature.
// May be overridden by RADIUS Session-Timeout.
// Default: 86400 (1 day)
session_max_duration = 86400;
// Session accounting update period in seconds.
// May be overridden by RADIUS Acct-Interim-Interval.
// Default: 600 (10 min)
session_accounting_interval = 600;
// Session authentication interval in seconds.
// If auth failed, retry not early than this time.
// Default: 10 (10 secs)
session_auth_interval = 10;
// Remote control listen address and port.
// Default: 0.0.0.0:1050
rc_listen_addr = "0.0.0.0:1050";
// Default download p2p bandwidth for all upstreams (in bits).
// Default: 10M
upstream_p2p_bw_down = "10M";
// Default upload p2p bandwidth for all upstreams (in bits).
// Default: 10M
upstream_p2p_bw_up = "10M";
// Ports that always threaten as non-p2p.
// All ports <= 1024 is always treated as non-p2p.
p2p_ports_whitelist = (
// HTTP(S)
8080, 8081, 4443,
// MS SQL Server
1443, 1434,
// MySQL
3306,
// Oracle SQL
1521, 1522, 1525, 1529,
// Microsoft Terminal Server / Citrix ICA
1494, 1604,
// ICQ
4000,
// Yahoo Messenger
5010,
// AOL Instant Messenger
5190,
// PCAnywhere
5632,
// VNC
5500, 5800, 5900,
// Microsoft PPTP
1723,
// RDP
3389
);
// Ports that always treated as p2p.
// Currently unused.
p2p_ports_blacklist = (
// Limeware, Morpheus, BearShare
6346, 6347,
// eDonekey2000
4662, 4672,
// Bittorrent
6881, 6882, 6883, 6884, 6885, 6886, 6887, 6888, 6889,
// WinMx
6699, 6257
);
// Default download bandwidth for non_client traffic.
// Default: "5M"
non_client_bw_down = "5M";
// Default upload bandwidth for non_client traffic.
// Default: "5M"
non_client_bw_up = "5M";
// Total traffic monitoring bandwidth limit.
// Default: 500M
monitors_total_bw_limit = "500M";
// Per connection traffic monitoring bandwidth limit.
// Default: 50M
monitors_conn_bw_limit = "50M";
// Dynamic ARP inspection.
// 0 - disabled.
// 1 - loose mode, check only arp packets.
// 2 - strict mode, check all packets.
// Default: 0
arp_inspection = 0;
// Blacklisted URLs.
// Default: /etc/zerod.blacklist
blacklist_file = "@CMAKE_INSTALL_PREFIX@/etc/zerod.blacklist";
// Blacklist file reload interval
// Default: 3600 (seconds)
blacklist_reload_interval = 3600;
// DNS Amplification attack detection threshold.
// Incoming packets per second.
// Default: 1K
dns_attack_threshold = "1K";
// Enable coredump files.
// Default: 1
enable_coredump = 1;