IPSET-NG configuration options: ipsetd-ng, sensord-ng, milterd-ng

Configuration section - Description:
protocol - Internet protocol version section
server - ipset-ng client/server feature section
server-ssl - ipset-ng client/server Secure Sockets Layer (SSL) feature section
driver - database storage drivers section
.. drv-ipset - ipset database storage driver section
.. drv-ipt46 - iptables v4 & v6 direct-to-kernel driver section
.. drv-sqlite3 - sqlite3 database storage driver section
.. drv-mysql - mysql database storage driver section
.. drv-dbi - dbi library database storage driver section
onstart - daemon start section
onstop - daemon stop section
onreload - daemon reload section
tblaccess - access required from a user-side client to modify any data
dnsbl - DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) section
geoip - geotargeting MaxMind GeoIP database section
userscript - user-side JavaScript section
preload-script - pre-load user-side JavaScript section
logparse - log parser section
logmatch - log match regex section
whitelist - local client whitelist
return - MTA return value for each situation
mta value - reference: MTA return values
  • Global configuration legend: yes - enable, no - disable

Configuration guide for ipsetd-ng.conf, sensord-ng.conf, milterd-ng.conf:

[protocol]

version = ipv4

place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf ipsetcmd-ng.conf
Default Internet protocol version.
Family used when ipset tables are created: ipv4 or ipv6, default: ipv4

[server] : server-side [ipset-ng] : client-side

daemon = yes | no

place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
client-side: placed in the section [ipset-ng]
Daemon mode. In this mode you can connect the monitor-ng program to watch current activity and change various settings of the server.

remote = my.server.host.name

place locations: sensord-ng.conf milterd-ng.conf
server-side: -
client-side: remote master ipsetd-ng server, IP address or hostname.

port = 1919

place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
server-side: local bind UDP port, default 1919
client-side: positioned in the section [ipset-ng], remote master ipset-ng server port, UDP port (default 1919) or TCP/SSL (default 5000)

socket = inet:1999@localhost

place locations: milterd-ng.conf
server-side: -
client-side: MTA socket, one of:
  • socket = unix:/var/run/milter-ng.sock
  • socket = local:/var/run/milter-ng.sock
  • socket = inet:1999@localhost
quick configuration:

    Sendmail configuration:
    INPUT_MAIL_FILTER(`filter1', `S=inet:1999@localhost, T=C:2m')
    define(`confINPUT_MAIL_FILTERS', `filter1')
    m4 ../m4/cf.m4 myconfig.mc > myconfig.cf


    Postfix configuration:
    Milters for SMTP mail: /etc/postfix/main.cf:
    smtpd_milters = inet:1999@localhost
    Milters for non-SMTP mail: /etc/postfix/main.cf:
    non_smtpd_milters = inet:1999@localhost

mtatimeout = 60

place locations: milterd-ng.conf
server-side: -
client-side: timeout for send/receive operations with the MTA (Sendmail, Postfix, others)

queue = 2048

place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
process queue: default 2048

crypt = my access word!

place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
client-side: placed in the section [ipset-ng]
Encrypts every network packet (non-SSL) with the AES algorithm;
AES128, AES192 and AES256 keys are supported.
The AES mode (128/192/256) is selected automatically and depends on the length of the `crypt` string.
WARNING: maximum length of the `crypt` string = `32` characters

cryptnocrypt = yes | no

place locations: ipsetd-ng.conf
server-side: accept or refuse unencrypted packets. With the value `no`, unencrypted packets are disabled and every client needs the password.
client-side: -
In monitoring mode you can change at any time whether such connections are accepted, key: [a]
WARNING: if `cryptnocrypt` is set to `no`, client software without the password cannot communicate with the server

logpath = /var/log

place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
path to the log directory, used in memory leak mode, default: /var/log/daemon-ipset_memleak.log
  • Example output:
      Memory Leak Summary
      -----------------------------------
      leak total:0,max used size:1418,once max:1040
    or a detailed report listing the memory fragments that were not freed.

    loglevel = full

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    logging to syslog, log level:
    • disabled - disable log
    • critical - warning only log
    • medium - info level log
    • full - full log
    • debug - full log, include memory access
    • debugssl - full log, include memory access + ssl
    this option can be changed at any time in monitor mode: key [0,1,2,3,4,5]

    syslogfacility = daemon

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    syslog 'facility', for details in your system, see 'man 5 syslog.conf'
    The 'facility' is one of the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and local0 through local7.

    sysloglevel = info

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    syslog 'level', for details in your system, see 'man 5 syslog.conf'
    The 'level' is one of the following keywords, in ascending order: debug, info, notice, warning, warn (same as warning), err, error (same as err), crit, alert, emerg, panic (same as emerg).

    monitor = /tmp

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    creates a named FIFO file for process monitoring under this path; comment out to disable it.
    WARNING: the extended `monitor` FIFO function is active only in daemon mode. Console mode uses the native stdout monitor, command line key '-m'.

    checkaccess = yes | no

    place locations: ipsetd-ng.conf
    server-side: check rule from section [tblaccess]
    client-side: -

    exec = /etc/rc.d/addfw.sh

    place locations: sensord-ng.conf
    server-side: -
    client-side: run this shell script and pass it the banned IP address; see 'misc/addfw.sh' for an example.

    execq = yes | no

    place locations: sensord-ng.conf
    server-side: -
    client-side: quiet exec mode, output of the running program is suppressed

    mtamode = connect
    mtamode = helo

    place locations: milterd-ng.conf
    server-side: -
    client-side: controls in which libmilter stage the IP address is checked:
      check IP address in method 'connect'
      check IP address in method 'helo'
    Delete or comment out a line to disable that MTA mode.

    cachemem = 1024

    place locations: milterd-ng.conf
    server-side: -
    client-side: IP cache size in Kb, if value = 0 - disable cache

    sendbadip = yes | no

    place locations: ipsetd-ng.conf sensord-ng.conf
    server-side and client-side: send blocked IP addresses to the Internet blacklist storage. This way you contribute to completing the database and help other users.

    [server-ssl] : server-side [ipset-ng] : client-side

    sslport = 5000

    place locations: ipsetd-ng.conf
    server-side: SSL port; comment out or set to 0 to disable the SSL engine
    client-side: -
    If this field is defined, SSL is enabled; otherwise it is disabled.
    In monitoring mode you can check the status of the SSL engine at any time:
    • [l] - show SSL session statistic
    • [p] - show SSL user certificates
    • [i] - show SSL connect extended information
    • [o] - renew & reload SSL CRL file

    ssldebuglog = /path/to/ssl-debug.log

    place locations: ipsetd-ng.conf
    log SSL connection errors to the specified file for debugging

    sslsecure = yes | no

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    use safe SSL protocol, disable SSLv2

    sslchkhost = yes | no

    place locations: ipsetd-ng.conf
    server-side: check the host IP address against the CN value in the certificate
    client-side: -

    ssltimeout = 15

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    SSL session timeout, default 15 seconds

    sslcache = 200

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    SSL session cache, 0 to disable

    sslsni = my.server.host.name

    place locations: sensord-ng.conf milterd-ng.conf
    server-side: -
    client-side: check SNI server hostname, comment to disable.

    sslcrlcheck = 180

    place locations: ipsetd-ng.conf
    server-side: check CRL record, period in seconds
    client-side: -

    sslcrlauto = yes | no

    place locations: ipsetd-ng.conf
    server-side: renew the SSL CRL file when it has expired; requires the CA root private key to be defined in sslcakey
    client-side: -
    You can instruct the IPSETD-NG server to automatically update CRL file once it has expired.
    To do this, you must set this parameter to yes, and determine the location of the CA root private key file on the disk in the directive sslcakey.

    sslcipher = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    or recommended `sslcipher` = EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS
    see the details about SSL cipher priority

    sslca = /etc/ipset-ng/ssl/cert.ca.pem

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    CA root certificate; if not defined, the built-in one is used

    sslcakey = /etc/ipset-ng/ssl/key.ca.pem

    place locations: ipsetd-ng.conf
    CA root private key, needed for the CRL auto-renew process

    sslcert = /etc/ipset-ng/ssl/cert.server.pem

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    server/client main certificate; if not defined, the built-in one is used

    sslkey = /etc/ipset-ng/ssl/key.server.pem

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    server/client private key; if not defined, the built-in one is used

    sslcrl = /etc/ipset-ng/ssl/crl.all.pem

    place locations: ipsetd-ng.conf
    server-side: server CRL, the certificate revocation list
    client-side: -

    You need to have a CRL directory. It is normally found in /etc/ipset-ng/ssl/server-tocrl/, but you can change that in your /etc/ipset-ng/ssl/sslserver.config file.
    Everyone needs to be able to read this directory and everything in it, but no-one except the CRL fetch process should be able to write to it.
    Alternatively, use the automatic CRL file update feature by setting the directive sslcrlauto to yes.

    To build, delete or undelete certificates, use the ipset-ng SSL tool: misc/startup/buildcert.sh
      create: buildcert.sh [ --server-ng | --client-ng ] [ IP address ]
      revoke: buildcert.sh [ --delete-ng | --undelete-ng ] [ serial num certificate ]
      update: buildcert.sh [ --updatecrl-ng ]
      list: buildcert.sh [ --list-ng ]
    In order to check that the certificate you've just been presented (for whatever reason) is still valid (and hasn't been revoked), you'll need to check a CRL (certificate revocation list). These are published by CAs.
    In most cases, you'll need some sort of automated script to pull (and verify!) the latest CRL of all CAs you trust, at some periodic interval. Once a week is usually good enough, unless it really matters to you that a revoked certificate can't be used, in which case you'll want a time closer to the CRL update frequency. YMMV, you'll need to decide for yourself.

    [driver]

    path = /usr/lib/ipsetng

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    path to the dynamic driver directory.
    default: /usr/lib/ipsetng, created automatically by make

    name = ipset

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    name of the driver,
    looked up as drv-<name>-ng.so; available:
    • ipset
    • ipt46
    • mysql
    • sqlite3
    • dbi

    fastload = yes | no

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    fast loading driver mode

    iptenable = yes | no

    place locations: ipsetd-ng.conf sensord-ng.conf ipsetcmd-ng.conf
    server-side: in section [driver]
    client-side: in section [server]
    enable/disable built-in iptables rule support, which applies IP address operations directly to the kernel.
    This module does not support the ipset driver, because all of its basic and advanced features are already incorporated in the ipset driver.
    In monitoring mode you can check the status of the built-in iptables module at any time:
    • [f] - clear iptables chain, iptchain parameter name
    • [d] - print iptables chain, iptchain parameter name
    • [x] - save a dump of the iptables chain data to the file /tmp/ipset-ng-dump-iptables-flush-<date and time>.sh
    WARNING: for IPSETD-NG, IPSETCMD-NG - iptables can be used with all drivers except the ipset driver. The ipset driver uses the iptables engine directly.

    ipttable = filter

    place locations: ipsetd-ng.conf sensord-ng.conf ipsetcmd-ng.conf
    server-side: in section [driver]
    client-side: in section [server]
    table of iptables, default filter

    iptchain = INPUT

    place locations: ipsetd-ng.conf sensord-ng.conf ipsetcmd-ng.conf
    server-side: in section [driver]
    client-side: in section [server]
    chain of iptables, default INPUT
    At start-up the presence of the chain is checked. If the chain does not exist, an attempt is made to create it.

    iptmethod = append | insert

    place locations: ipsetd-ng.conf sensord-ng.conf ipsetcmd-ng.conf
    server-side: in section [driver]
    client-side: in section [server]
    method for adding IP address to chain

    iptrule = DROP

    place locations: ipsetd-ng.conf sensord-ng.conf ipsetcmd-ng.conf
    server-side: in section [driver]
    client-side: in section [server]
    target of iptables: ACCEPT | DROP | QUEUE | RETURN
    default DROP

    [drv-ipset]
    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    ipset storage driver, rules go directly to the kernel; read more about this driver.

    whitelist = listname

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    Name of the white list table; if it is defined, AutoTable mode is enabled.
    The table must be of type list:set and include other tables with lists of IP addresses and networks.
    AutoTable mode - automatic management of the ipset table
    sub tables can be reloaded at any time in monitor mode: key [t]

    blacklist = listname

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    Name of the black list table; if it is defined, AutoTable mode is enabled.
    The table must be of type list:set and include other tables with lists of IP addresses and networks.
    AutoTable mode - automatic management of the ipset table
    sub tables can be reloaded at any time in monitor mode: key [t]

    [drv-ipt46]
    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    iptables v4 & v6 driver: rules go directly to iptables -> kernel and no other database is used; it uses the configuration from the global section [driver]: iptenable, ipttable, iptchain, iptmethod, iptrule.
    Read more about this driver.

    [drv-sqlite3]
    sqlite3 storage driver, read more about this driver.

    dbase = /path/myipdb.db

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    path and file name of the database

    exec = /path/to/file.sh

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    path and file name of the script executed when an IP address is added or deleted

    [drv-mysql]
    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    mysql storage driver, read more about this driver.

    port = 33306

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    mysql port

    host = localhost

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    mysql host

    login = root

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    mysql login

    pass = 12345

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    mysql password

    dbase = myipdb

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    database name;
    if not specified, `test` is created

    socket = ./mysql.sock

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    mysql socket

    exec = /path/to/file.sh

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    path and file name of the script executed when an IP address is added or deleted

    [drv-dbi]
    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    dbi storage driver, read more about this driver.

    dbitype = mysql

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    DBI driver type: any driver compiled on your system.

    Supported DBI drivers:
    • MySQL
    • PostgreSQL
    • SQLite3
    • DB2
    • Ingres
    • mSQL
    • Oracle
    • Firebird/Interbase
    • FreeTDS (provides access to MS SQL Server and Sybase)
    read more about libdbi, libdbi-drivers

    port = 33306

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    DBI driver port

    host = localhost

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    DBI driver host

    login = root

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    DBI driver login

    pass = 12345

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    DBI driver password

    dbase = myipdb

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    DBI driver database name; if not specified, `test` is created

    socket = ./dbi.socket

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    DBI driver socket

    exec = /path/to/file.sh

    place locations: ipsetd-ng.conf ipsetcmd-ng.conf
    path and file name of the script executed when an IP address is added or deleted

    [onstart]
    place locations: ipsetd-ng.conf
    on start daemon event

    create = <table name> <list type> <table type> <family type> <table timeout>

    create = testtbl black hash:ip ipv4 3600

    create = badloglist black hash:ip

    create = whitelistng white hash:net ipv6

    place locations: ipsetd-ng.conf
    create an ipset table when the ipsetd-ng daemon starts.
    Valid values for the create command:
      table name - table name, maximum 32 characters
      list type - type of table associated, black | white
      table type - hash table type, hash:ip | hash:net | bitmap:ip
      family type - family table type, ipv4 | ipv6
      table timeout - timeout of the items in the table, in seconds

    flush = whitelistng

    place locations: ipsetd-ng.conf
    flush an ipset table when the ipsetd-ng daemon starts; the flush command takes only the table name

    script = systemscriptname1.js

    script = systemscriptname2.js

    place locations: ipsetd-ng.conf, sensord-ng.conf, milterd-ng.conf
    on the onstart event, the JavaScript files listed here are run; they are placed in the directory [userscript] -> base -> /plugins
    for more info see user JavaScript and '<ipset-ng-src-dir>/userscript/plugins/.js'
    • this directive applies in the same way to the sections: onstart, onstop, onreload

    [onstop]
    place locations: ipsetd-ng.conf
    on stop ipsetd-ng daemon event

    destroy = <table name> <list type>

    destroy = testtbl black

    destroy = badloglist black

    place locations: ipsetd-ng.conf
    destroy (delete) an ipset table when the ipsetd-ng daemon stops
    Valid values for the destroy command:
      table name - table name, maximum 32 characters
      list type - type of table associated, black | white

    flush = whitelistng

    place locations: ipsetd-ng.conf
    flush the ipset table `whitelistng` when the ipsetd-ng daemon stops

    [onreload]
    place locations: ipsetd-ng.conf
    the reload event of the ipsetd-ng daemon is triggered by the -HUP signal
    tables can be reloaded at any time in monitor mode: key [r]

    flush = whitelistng

    place locations: ipsetd-ng.conf
    flush the ipset table `whitelistng` when the ipsetd-ng daemon reloads

    [tblaccess]

    access = none | crypt | ssl

    place locations: ipsetd-ng.conf
    connection type required from a user-side client to modify any table listed in this section with the parameter tbl
    options:
    • none - accept all connection types for modifying tables
    • crypt - accept crypt or SSL connections for modifying tables
    • ssl - accept only SSL connections for modifying tables
    modifying tables means adding or inserting an IP address and the table operations create, flush and destroy
    this option can be changed at any time in monitor mode: key [m]

    tbl = testtbl1

    tbl = testtbl2

    tbl = whitelistng

    tbl = zhitelistng

    tbl = jhitelistng

    tbl = yhitelistng

    tbl = fwhitelistng

    tbl = badloglist

    place locations: ipsetd-ng.conf
    access of a user-side client (`sensord-ng`, `connect-ng`, `apache`, `nginx`, `php`, etc.)
    for modifying any table in this list; if the list is empty: access to modify any ipset table
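
A static check for the [server], [server-ssl], [drv-*] and [tblaccess] settings described above, as an added example that is not part of ipset-ng. It assumes the `[section]` / `key = value` syntax shown on this page with `#` as the comment character; the function names are hypothetical and the sample file is constructed from values on this page.

```python
"""Added example: flag weak settings in an ipsetd-ng.conf (not part of ipset-ng)."""
import re

# Constructed sample built from option values shown on this page.
SAMPLE = """\
[server]
crypt = my access word!
cryptnocrypt = yes
monitor = /tmp
checkaccess = no
[server-ssl]
sslport = 5000
sslsecure = no
sslcipher = EECDH+aRSA+AESGCM EECDH+aRSA+RC4 EECDH RC4 !aNULL !MD5
sslcrl = /etc/ipset-ng/ssl/crl.all.pem
[drv-mysql]
login = root
pass = 12345
[tblaccess]
access = none
tbl = whitelistng
tbl = badloglist
"""


def parse_conf(text):
    """Parse [section] / key = value lines; keys such as tbl may repeat.
    Assumption: '#' starts a comment line."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = conf.setdefault(header.group(1), {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            section.setdefault(key, []).append(value)
    return conf


def audit(conf):
    """Return {(section, key): reason} for settings that weaken the server."""
    def get(section, key):
        values = conf.get(section, {}).get(key)
        return values[-1] if values else None

    found = {}
    if get("server", "cryptnocrypt") != "no":
        found["server", "cryptnocrypt"] = "not 'no': unencrypted packets may be accepted"
    if len(get("server", "crypt") or "") > 32:
        found["server", "crypt"] = "longer than the 32-character maximum"
    if get("server", "checkaccess") != "yes":
        found["server", "checkaccess"] = "not 'yes': [tblaccess] rules may not be checked"
    if (get("server", "monitor") or "").startswith(("/tmp", "/var/tmp")):
        found["server", "monitor"] = "monitor FIFO under a world-writable directory"
    if get("server-ssl", "sslport") in (None, "0"):
        found["server-ssl", "sslport"] = "SSL engine disabled"
    if get("server-ssl", "sslsecure") != "yes":
        found["server-ssl", "sslsecure"] = "not 'yes': SSLv2 may stay enabled"
    for key in ("sslca", "sslcert", "sslkey"):
        if get("server-ssl", key) is None:
            found["server-ssl", key] = "not defined: built-in key material is used"
    if get("server-ssl", "sslcrl") is None:
        found["server-ssl", "sslcrl"] = "no certificate revocation list"
    ciphers = re.split(r"[:, ]+", get("server-ssl", "sslcipher") or "")
    if any("RC4" in c and c[0] not in "!-" for c in ciphers if c):
        found["server-ssl", "sslcipher"] = "RC4 suites enabled (prohibited by RFC 7465)"
    if get("tblaccess", "access") in (None, "none"):
        found["tblaccess", "access"] = "tables can be modified over any connection type"
    for drv in ("drv-mysql", "drv-dbi"):
        if get(drv, "pass") == "12345":
            found[drv, "pass"] = "sample password from the documentation"
    return found


if __name__ == "__main__":
    for (section, key), reason in audit(parse_conf(SAMPLE)).items():
        print(f"[{section}] {key}: {reason}")
```
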

    [dnsbl]
    place locations: ipsetd-ng.conf
    DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is a list of IP addresses
    which are most often used to publish the addresses of computers or networks linked to spamming or hacking.

    If a received packet has the request to the DNSBL server enabled and the IP address is not found in the ipset table,
    a request for that IP address is sent to the DNS block-list server.
    See the DNSBL server software for details.

    server = bl.spamcop.org

    place locations: ipsetd-ng.conf
    DNSBL server

    port = 53

    place locations: ipsetd-ng.conf
    DNSBL server port

    timeout = 3

    place locations: ipsetd-ng.conf
    timeout in seconds to wait for an answer from the remote DNSBL

    cache_mem = 1024

    place locations: ipsetd-ng.conf milterd-ng.conf
    DNSBL cache size in `Kb`, if value = 0 - disable cache
    note: one IP address slot in the cache takes 56 bytes, (56 * (number of IPs)) = cache size
    the cache can be cleared at any time in monitor mode: key [c], or printed and backed up: key [j]

    cache_ttl = 12400

    place locations: ipsetd-ng.conf milterd-ng.conf
    DNSBL cache 'TTL', the lifetime of a cached address, default 3600

    cache_backup = yes | no

    place locations: ipsetd-ng.conf milterd-ng.conf
    back up the cache before exit, restore the cache on start
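
How the DNSBL lookup and the cache sizing described above fit together, as an added example that is not ipset-ng code. It builds the standard DNSBL query name for the configured `server` and sizes a TTL cache from `cache_mem` with the 56-byte slot noted above; the names are hypothetical, 1 Kb = 1024 bytes and oldest-first eviction are assumptions, and the resolver is passed in so the code runs offline.

```python
import ipaddress
import time
from collections import OrderedDict

SLOT_BYTES = 56  # size of one cached address, from the note above
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Return the DNS name whose A record tells whether `ip` is listed in `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone.rstrip(".")


def cache_slots(cache_mem_kb):
    """Number of addresses that fit in cache_mem; 0 disables the cache."""
    return cache_mem_kb * 1024 // SLOT_BYTES


class DnsblCache:
    def __init__(self, cache_mem_kb, cache_ttl, clock=time.monotonic):
        self.slots, self.ttl, self.clock = cache_slots(cache_mem_kb), cache_ttl, clock
        self.entries = OrderedDict()  # ip -> (listed, expiry time)

    def get(self, ip):
        hit = self.entries.get(ip)
        if hit is None or hit[1] <= self.clock():
            self.entries.pop(ip, None)  # drop an expired entry
            return None
        return hit[0]

    def put(self, ip, listed):
        if self.slots == 0:
            return
        self.entries.pop(ip, None)
        while len(self.entries) >= self.slots:
            self.entries.popitem(last=False)  # assumption: evict the oldest entry
        self.entries[ip] = (listed, self.clock() + self.ttl)


def is_listed(ip, zone, cache, resolve):
    """resolve(name) returns the A records as strings, empty when there are none."""
    cached = cache.get(ip)
    if cached is not None:
        return cached
    answers = resolve(dnsbl_query_name(ip, zone))
    # Listings are answered from 127.0.0.0/8 (RFC 5782); any other answer,
    # for example from a resolver that rewrites NXDOMAIN, is not a listing.
    listed = any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)
    cache.put(ip, listed)
    return listed
```
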

    [geoip]

    base = /path/to/geobase

    place locations: ipsetd-ng.conf sensord-ng.conf
    path to the GeoBase; IP2Location and MaxMind GeoIP databases are supported by default if support for them is compiled in.
    MaxMind GeoDB requires the geo library and geo database to be installed beforehand.
    At any time, in monitoring mode:
    • [g] - show Geo information about the parsed IP address

    engine = ip2location | maxmind | default

    place locations: ipsetd-ng.conf sensord-ng.conf milterd-ng.conf
    select priority engine:
    • ip2location
    • maxmind
    • default
    all engines determine the GeoBase files automatically

    [userscript]

    base = /etc/ipset-ng/userscript

    place locations: ipsetd-ng.conf sensord-ng.conf
    directory for user-side JavaScript, for more info,
    see user JavaScript and '<ipset-ng-src-dir>/userscript/.js'

    [preload-script]

    script = userscriptname1.js

    script = userscriptname2.js

    place locations: ipsetd-ng.conf sensord-ng.conf
    pre-loaded cached user-side JavaScript file placed in directory [userscript] -> base
    for more info see user JavaScript and '<ipset-ng-src-dir>/userscript/.js'

    [logparse]

    source = /tmp/syslog-ng.pipe

    place locations: ipsetd-ng.conf sensord-ng.conf
    for pipe mode, path to FIFO file.

    Example for syslog-ng:
      destination d_ipset{ pipe(/var/log/syslog-ng.fifo); };
      filter f_filter3 { facility(auth,authpriv); };
      log { source(s_sys); filter(f_filter3);destination(d_ipset); };
    Example for rsyslog-ng:
      authpriv.*,local3.* |/var/log/syslog.fifo
    for systemd mode, shared resource:
    • example: _SYSTEMD_UNIT=sshd.service
    • example: _SYSTEMD_UNIT=vsftpd.service
    • example: _SYSTEMD_UNIT=telnetd.service
    read more about log modes in PARSELOG.

    whitelist = whitelist

    place locations: ipsetd-ng.conf sensord-ng.conf
    ipset white list used to check an IP address before it is
    inserted in the blacklist. If it is found in the whitelist, it is not inserted.

    blacklist = badloglist

    place locations: ipsetd-ng.conf sensord-ng.conf
    insert IP addresses parsed from the log into the blacklist `name`

    useusrscr = yes | no

    place locations: ipsetd-ng.conf sensord-ng.conf
    If a JavaScript scenario is used, the built-in log parser is not used.
    If you do not use JavaScript as the default parser for the log source,
    select the value `no`, or comment out this line.

    jscript = test.js

    place locations: ipsetd-ng.conf sensord-ng.conf
    execute the JavaScript scenario given as `jscript = name`
    When the PCRE regular expressions ['logmatch'] -> 'progid', 'match' match, the full log string is passed to the JavaScript scenario in the parameter 'answer.ustr'.
    The script should return a status check 'answer.uret' and IP address 'answer.uip'.
    ipsetd-ng waits for these parameters from the JavaScript parser, inserts the result into local storage if needed and sends a response to the requesting client.

    [logmatch]
    PCRE regular expressions are used; for more detail about syntax and rules see PARSELOG and PCRE Pattern Syntax, and use the PCRE Regular expression constructor.

    progid = HTTP
    progid = xinetd

    place locations: ipsetd-ng.conf sensord-ng.conf
    program id: name in the log format; this string must occur in the target log text
    for details, see the PCRE example

    match = refused
    match = telnet|ftp|ssh
    match = {IP}

    place locations: ipsetd-ng.conf sensord-ng.conf
    match: must always be present in the string
    word|word|..|words: one or more of the words must be present

    The special regexp pattern {IP} is a string.
    {IP} is replaced with the host IP address from the log.

    raw = {IP}
    raw = \s.*(?:wp-config.php|wp-login.php)

    place locations: ipsetd-ng.conf sensord-ng.conf
    raw - a PCRE-style regular expression; for details see PARSELOG and PCRE Pattern Syntax, and use the PCRE Regular expression constructor.

    family = ipv4

    place locations: ipsetd-ng.conf sensord-ng.conf
    ip address protocol family: 'ipv4','ipv6' or 'iphex'
    'iphex' - an IP address in HEX format, example: Asterisk log.
    The type 'iphex' defines how the program processes the request:
    in this case the IP address is converted from HEX format to text for further processing.

    [whitelist]

    ip = 192.168.4.2
    ip = 192.168.4.3
    ip = 9.8.7.243

    place locations: sensord-ng.conf
    server-side: -
    client-side: local white list used to check an IP address before it is inserted in the blacklist or firewall. If it is found in the local whitelist, it is not inserted.
    ip = one ip address: 123.132.133.134

    net = 192.168.2.0/24
    net = 9.9.9.0/28

    place locations: sensord-ng.conf
    server-side: -
    client-side: local white list used to check a network address before it is inserted in the blacklist or firewall. If it is found in the local whitelist, it is not inserted.
    net = network: 123.132.133.0/24
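
A dry run of the [logmatch] rules and the [whitelist] check over sample log lines, as an added example that is not ipset-ng's parser. It assumes that `progid` is a literal that must occur in the line, that every `match` must be found, and that `{IP}` stands for an IPv4 address; Python's `re` is used in place of PCRE, the function names are hypothetical and the log lines are constructed.

```python
import ipaddress
import re

# Assumption: {IP} stands for an IPv4 address (Python re in place of PCRE).
IP_PATTERN = r"(?P<ip>\b(?:\d{1,3}\.){3}\d{1,3}\b)"


def compile_rule(progid, matches):
    """progid: literal that must occur in the line; matches: all must be found."""
    return progid, [re.compile(m.replace("{IP}", IP_PATTERN)) for m in matches]


def extract_ip(line, rule):
    """Return the address the rule selects from `line`, or None if it does not fire."""
    progid, patterns = rule
    if progid not in line:
        return None
    found = None
    for pattern in patterns:
        hit = pattern.search(line)
        if hit is None:
            return None
        if "ip" in pattern.groupindex:
            # A bare {IP} takes the first address-like string in the line.
            found = hit.group("ip")
    try:
        return ipaddress.ip_address(found) if found else None
    except ValueError:  # address-like text such as 999.1.1.1
        return None


def load_whitelist(ips, nets):
    """[whitelist] ip = / net = values as networks (a single ip becomes a /32)."""
    return [ipaddress.ip_network(value) for value in list(ips) + list(nets)]


def addresses_to_blacklist(lines, rule, whitelist):
    """Addresses the rule selects, minus whitelisted ones, in first-seen order."""
    selected = []
    for line in lines:
        addr = extract_ip(line, rule)
        if addr is None or any(addr in net for net in whitelist):
            continue
        if addr not in selected:
            selected.append(addr)
    return [str(addr) for addr in selected]


# Rule and whitelist values are the ones shown on this page; the log lines are constructed.
RULE = compile_rule("xinetd", ["refused", "telnet|ftp|ssh", "{IP}"])
WHITELIST = load_whitelist(["192.168.4.2", "192.168.4.3", "9.8.7.243"],
                           ["192.168.2.0/24", "9.9.9.0/28"])
LOG = [
    "Mar  3 10:15:01 gw xinetd[812]: libwrap refused connection to telnet from 203.0.113.5",
    "Mar  3 10:15:02 gw xinetd[812]: libwrap refused connection to ftp from 192.168.2.77",
    "Mar  3 10:15:03 gw xinetd[812]: START: ssh pid=4410 from=198.51.100.9",
    "Mar  3 10:15:04 gw xinetd[812]: libwrap refused connection to ssh from 192.168.4.2",
    "Mar  3 10:15:05 gw sshd[901]: refused connect from 198.51.100.23",
    "Mar  3 10:15:06 gw xinetd[812]: libwrap refused connection to telnet from 203.0.113.5",
    "Mar  3 10:15:07 gw xinetd[812]: libwrap refused connection to ftp from 198.51.100.40",
]

if __name__ == "__main__":
    print(addresses_to_blacklist(LOG, RULE, WHITELIST))
```

Running candidate rules against a saved log excerpt this way shows, before the daemon is reloaded, which addresses a rule would send to the blacklist and which ones the whitelist holds back.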

    [return]

    serv_error = fail

    place locations: milterd-ng.conf
    server-side: -
    client-side: value returned to the MTA when the server times out or does not respond, see MTA values

    dns_error = continue

    place locations: milterd-ng.conf
    server-side: -
    client-side: value returned to the MTA when the name or service is not known, see MTA values

    no_host_error = reject

    place locations: milterd-ng.conf
    server-side: -
    client-side: value returned to the MTA when the server does not detect a hostname, see MTA values

    bad_ip_error = reject

    place locations: milterd-ng.conf
    server-side: -
    client-side: value returned to the MTA when the sender has no valid IP address, see MTA values

    MTA return values:
      continue - continue processing the current connection, message, or recipient
      fail - temporary failure, the corresponding SMTP command will return an appropriate 4xx status code
      reject - reject this connection
