#
#	/etc/security/shield.conf
#

#
#	log debugging info to syslog
#
debug off

#
#	block all-users		blocks only unknown users
#	block all-users			blocks everyone
#
block all-users

#
#	is it OK for the remote host to have no DNS entry?
#
allow_missing_dns yes

#
#	is it OK for the remote host to have no reverse DNS entry?
#
allow_missing_reverse yes

#
#	allow these hosts or networks by name
#
allow localhost
# allow .localdomain

#
#	never lock out this network
#	You should list all your local networks here to make sure no local user can
#	lock you out from the inside
#
allow 127.0.0.1/255.0.0.0

# this syntax is also supported:
#allow 127.0.0.1/8


#
#	location of the database file
#
db /var/lib/pam_shield/db

#
#	external command that is run when a site should be blocked/unblocked
#
trigger_cmd /usr/sbin/shield-trigger-iptables

#
#	number of connections per interval from one site that triggers us
#
max_conns 3

#
#	the interval and retention period may be specified in seconds, or
#	with a postfix:
#
#		1s	seconds				1w	weeks
#		1m	minutes				1M	months (30 days)
#		1h	hours				1y	years
#		1d	days
#
interval 5m

#
#	period until the entry expires from the database again
#
retention 1h

# EOB