sthen 970b3ac90e fastnetmon: tidy away some scripts in examples that aren't useful at runtime,
@sample the sample exabgp config file (it needs modification in order to use
it).  ok jasper@
2020-11-25 13:54:12 +00:00

$OpenBSD: README,v 1.2 2018/09/04 12:46:17 espie Exp $

+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------

NetFlow input from pf
---------------------
By default FastNetMon listens on port 2055 for incoming NetFlow data. This data
can be obtained from pflow(4). A minimal pf.conf addition to export all states
through pflow(4) is:

	set state-defaults pflow

Then create a pflow0 interface with:

	# ifconfig pflow0 flowsrc 127.0.0.1 flowdst 127.0.0.1:2055

The default protocol version (5) works fine with FastNetMon.

Configuration
-------------
At the very minimum the known networks need to be recorded in
${SYSCONFDIR}/fastnetmon/networks_list in CIDR notation, otherwise all traffic
is classified as "other traffic".

A notification script also needs to be configured and installed to actually
perform a ban. A stub is provided in
${PREFIX}/share/examples/fastnetmon/notify_about_attack.sh
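
One possible shape for such a script on pf, as an added example (it is not the
packaged stub or FastNetMon's own code): it validates the address argument
before adding it to, or removing it from, a pf table. The argument order, the
attack details arriving on stdin and the table name fastnetmon_ban are
assumptions to check against the installed stub and your pf.conf.

```sh
#!/bin/sh
# Added example, not the packaged stub. Assumed call convention (check it
# against the installed stub): $1 = IP, $2 = direction, $3 = pps, $4 = action.
# pf.conf must declare the table and a block rule that references it.
PF_TABLE="${PF_TABLE:-fastnetmon_ban}"  # hypothetical table name
DRY_RUN="${DRY_RUN:-0}"                 # 1 = print the pfctl command only

# Accept only a dotted-quad IPv4 address, so nothing else reaches pfctl.
valid_ipv4() {
	case "$1" in
	""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
	esac
	old_ifs=$IFS; IFS=.
	set -- $1
	IFS=$old_ifs
	[ $# -eq 4 ] || return 1
	for octet in "$@"; do
		case "$octet" in 0?*|????*) return 1 ;; esac  # leading zero, too long
		[ "$octet" -le 255 ] || return 1
	done
}

# Translate the action into a pf table operation; unknown actions fail.
table_op() {
	case "$1" in
	ban)   echo add ;;
	unban) echo delete ;;
	*)     return 1 ;;
	esac
}

# Arguments: ip direction pps action
handle_event() {
	valid_ipv4 "$1" || { echo "refusing malformed address" >&2; return 2; }
	op=$(table_op "$4") || return 0  # not a ban/unban: nothing to do in pf
	if [ "$DRY_RUN" = 1 ]; then
		echo "pfctl -q -t $PF_TABLE -T $op $1"
	else
		pfctl -q -t "$PF_TABLE" -T "$op" "$1"
	fi
}

if [ $# -ge 4 ]; then
	[ "$4" = ban ] && cat >/dev/null  # assumed: attack details sent on stdin
	handle_event "$@"
fi
```

Run it with DRY_RUN=1 first to see the pfctl command it would issue for a
given set of arguments.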