# /etc/autoblock/autoblock.rules
#
# Rule_Name {
#     info    = Comment about this rule
#     time    = Given in sec/min/hours/days
#     match   = String match, use | to separate multiple matches
#     source  = Default is "SRC="
#     hits    = Number of hits to exceed before IP is blocked
#     hittime = Time limit for hits to accumulate
# }
#
# NOTE(review): the rules below also set "domain", which this header does not
# describe; it looks like a |-separated pair of delimiters around the queried
# name in the log line. Confirm against the autoblock documentation.
# NOTE(review): "time" is presumably how long the address stays blocked. Confirm.

# SSH_Attack: more than 4 matching sshd lines within 1 minute. The address is
# taken from the text that follows "from".
# NOTE(review): if the |-separated alternatives in "match" are OR-ed, every
# line containing "sshd" counts as a hit, including successful logins. Confirm
# the matching semantics before relying on hits = 4.
# NOTE(review): the user name in a "Failed password for <user> from <addr>"
# line is supplied by the remote client. Confirm that autoblock extracts the
# address from the final "from" on the line, so that text placed in the user
# name cannot cause a different address to be blocked.
SSH_Attack {
    info = Brute force attack on SSH
    time = 7days
    match = sshd|: Failed password for
    hits = 4
    hittime = 1mins
    source = from
}

# NAMED_* rules: these key on resolver-side messages from named (lame server,
# SERVFAIL, REFUSED, FORMERR). The address is taken from the text after the
# "source" marker.
# NOTE(review): in these messages the logged address is presumably the remote
# name server that answered, not the client that sent the query, and the names
# being resolved are chosen by whoever can query this resolver. A block
# triggered here can therefore cut the resolver off from name servers it
# depends on for 2-3 days. Restrict recursion to trusted clients, and confirm
# whether autoblock can exempt forwarders and other servers that must stay
# reachable.
NAMED_lame {
    info = DNS Server abuse
    time = 3days
    match = : lame server resolving
    hits = 4
    hittime = 2mins
    source = ?):
    domain = lame server resolving '|'
}

NAMED_servfail {
    info = DNS Server abuse
    time = 2days
    match = : unexpected RCODE (SERVFAIL)
    hits = 3
    hittime = 1mins
    source = ':
    domain = resolving '|/
}

NAMED_refused {
    info = DNS Server abuse
    time = 2days
    match = : unexpected RCODE (REFUSED)
    hits = 3
    hittime = 1mins
    source = ':
    domain = resolving '|/
}

NAMED_formerr {
    info = DNS Server abuse
    time = 2days
    match = : FORMERR resolving
    hits = 3
    hittime = 1mins
    source = ':
    domain = resolving '|/
}