NAME
====

*/etc/seqknock-nftables/config.yaml* - Configuration file for seqknock-nftables

DESCRIPTION
===========

The file is a standard YAML file, see https://yaml.org/ for more information.

TOP LEVEL KEYS
--------------

**global** - The global key contains a **port configuration** dictionary that is used as a fallback for configuration keys missing from individual ports.

**leave_policy** - Whether the policy (drop/reject) should be left in place at shutdown. Default is false, meaning the policy will be removed from the firewall.

**ports** - A dictionary of *port numbers* to **port configuration**s.

**port configuration**
-----------------------

**psk** - Pre-shared secret used to calculate the sequence numbers.

**tolerance** - Tolerance in seconds; connections will be allowed +/- this time compared to a period. The default value of 10 means that the total time a sequence number will be accepted is 30+10+10=50.

**period** - Period used to rotate sequence numbers.

**reject** - Whether packets with non-matching sequence numbers should be *rejected*. The default is *false*, meaning that the default policy is *drop*.

EXAMPLE
=======

```
---
global:
  psk: defaultsecret
  tolerance: 10
  period: 30
  reject: false
ports:
  22:
    psk: secretkeyforssh
  23:
    psk:
      - secretkeyfortelnet_alice
      - secretkeyfortelnet_bob
    reject: true
```

AUTHOR
======

Jonas Eriksson

HOMEPAGE
========

https://git.sr.ht/~upto/seqknock/

SEE ALSO
========

**seqknock**(1), **seqknock-nftables-config**(5), **seqknock-proxycmd**(1)
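
The following is an added example, not seqknock's own code: it resolves the effective settings per port from the EXAMPLE configuration using the **global** fallback described above, and computes the acceptance window that **tolerance** and **period** produce. The names `effective` and `accepted_periods`, port 8022, the default period of 30 (inferred from the 30+10+10 arithmetic) and the exact window boundaries are assumptions.

```python
# Added example, not seqknock's own code. The parsed YAML is embedded as a
# dict so the block runs without a YAML library.
CONFIG = {  # mirrors the EXAMPLE section
    "global": {"psk": "defaultsecret", "tolerance": 10, "period": 30, "reject": False},
    "ports": {
        22: {"psk": "secretkeyforssh"},
        23: {"psk": ["secretkeyfortelnet_alice", "secretkeyfortelnet_bob"], "reject": True},
        8022: {},  # constructed: a port with no keys of its own
    },
}
# Documented defaults; period=30 is an assumption taken from "30+10+10=50".
DEFAULTS = {"tolerance": 10, "period": 30, "reject": False}


def effective(config, port):
    """Per-port keys win, then the global block, then the defaults."""
    own = config["ports"][port] or {}
    merged = {**DEFAULTS, **config.get("global", {}), **own}
    if "psk" not in merged:
        raise ValueError(f"port {port}: no psk configured")
    psk = merged["psk"]
    merged["psk"] = list(psk) if isinstance(psk, list) else [psk]
    merged["policy"] = "reject" if merged["reject"] else "drop"
    # Total seconds one sequence number is accepted: period + 2 * tolerance.
    merged["window"] = merged["period"] + 2 * merged["tolerance"]
    # True when the port silently shares the global secret.
    merged["psk_from_global"] = "psk" not in own
    return merged


def accepted_periods(now, period, tolerance):
    """Period indexes whose sequence number is valid at time `now`.

    Assumed model: period k spans [k*period, (k+1)*period) and is accepted
    from `tolerance` seconds before its start until `tolerance` after its end.
    """
    first = (now - tolerance) // period
    last = (now + tolerance) // period
    return list(range(first, last + 1))


if __name__ == "__main__":
    for port in CONFIG["ports"]:
        e = effective(CONFIG, port)
        note = " (shares global psk)" if e["psk_from_global"] else ""
        print(f"{port}: {len(e['psk'])} psk(s), {e['policy']}, {e['window']}s window{note}")
```

Under this model two consecutive sequence numbers are valid at once near each period boundary, and any port that omits **psk** shares the global secret with every other such port.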