# Configuration of the bouncer daemon

Bouncer {

# Socket through which we receive log messages
ListenOn	/var/run/bouncer.sock

# On the first login failure, we remember that an IP address is suspect
# and start counting failures. After too much failures, the address is banned.
MaxFailures	9

# When a suspect address produces no further failures within this time [sec],
# it is acquitted and forgotten.
SuspectTime	600

# Bans are lifted after this many seconds.
BannedTime	3600

# After a ban is lifted, the IP address undergoes further probation. If it
# produces more failures within the probation period, it is banned again.
MaxProbation	1

# When an address is banned again during probation, its ban time is multiplied
# by BannedAgainCoeff, but it cannot exceed MaxBannedTime [sec].
BannedAgainCoeff	2
MaxBannedtime		86400

# Probation expires after [sec]
ProbationTime	600

# Limit on the number of suspect addresses and bans we keep in memory
MaxCulprits	1000

# We log all messages to the log stream configured below
LogStream	syslog

# Names of ipsets we feed the banned addresses to
# (you can omit either to disable processing of IPv4 or IPv6)
IPv4Set		bouncer4
IPv6Set		bouncer6

}

# Configuration of logging (see libucw docs for details)
Logging {
	Stream {
		Name		syslog
		SyslogFacility	daemon
		# Levels:remove	debug
	}
}