# # /etc/security/shield.conf # # # log debugging info to syslog # debug off # # block all-users blocks only unknown users # block all-users blocks everyone # block all-users # # is it OK for the remote host to have no DNS entry? # allow_missing_dns yes # # is it OK for the remote host to have no reverse DNS entry? # allow_missing_reverse yes # # allow these hosts or networks by name # allow localhost # allow .localdomain # # never lock out this network # You should list all your local networks here to make sure no local user can # lock you out from the inside # allow 127.0.0.1/255.0.0.0 # this syntax is also supported: #allow 127.0.0.1/8 # # location of the database file # db /var/lib/pam_shield/db # # external command that is run when a site should be blocked/unblocked # trigger_cmd /usr/sbin/shield-trigger-iptables # # number of connections per interval from one site that triggers us # max_conns 3 # # the interval and retention period may be specified in seconds, or # with a postfix: # # 1s seconds 1w weeks # 1m minutes 1M months (30 days) # 1h hours 1y years # 1d days # interval 5m # # period until the entry expires from the database again # retention 1h # EOB