# Sample ipmon rules. Each "match { ... }" lists the conditions a log record
# must meet; the "do { ... }" that follows lists the action(s) taken for it.
# Rules are kept in their original order.

# Mail root when a record carries logtag 10000.
# NOTE(review): there is no "every" clause here, so the command is presumably
# started once per matching record. A burst of tagged packets then becomes a
# burst of mail processes; the next rule shows the rate-limit syntax.
match {
	logtag = 10000;
}
do {
	execute("/usr/bin/mail -s 'logtag 10000' root");
};

# Same idea for logtag 2000, limited with "every 10 seconds".
match {
	logtag = 2000, every 10 seconds;
}
do {
	execute("echo 'XXXXXXXX tag 2000 packet XXXXXXXX'");
};

# Record blocked UDP packets in a dedicated file.
# NOTE(review): nothing in this file bounds the size of that log; confirm that
# rotation and restrictive permissions are set up for /var/log/udp-block.
match {
	protocol = udp, result = block;
}
do {
	file("file:///var/log/udp-block");
};

# Blocked TCP to port 25 goes to syslog three times. The second and third
# selectors look like the facility-only and priority-only forms; verify
# against ipmon.conf(5).
match {
	protocol = tcp, result = block, dstport = 25;
}
do {
	syslog("local0.info"), syslog("local1."), syslog(".warn");
};

# Mail root for traffic from 10.1.0.0/16 to 192.168.1.0/24.
# NOTE(review): not rate-limited either; see the note on the first rule.
match {
	srcip = 10.1.0.0/16, dstip = 192.168.1.0/24;
}
do {
	execute("/usr/bin/mail -s 'from 10.1 to 192.168.1' root");
};

# A match on many fields at once, with the explicit "nothing" action.
match {
	rule = 12, logtag = 101, direction = in, result = block,
	protocol = udp, srcip = 10.1.0.0/16, dstip = 192.168.1.0/24;
}
do {
	nothing;
};