From 8dee4e6a05137669704995b3c24c1c7a217cf063 Mon Sep 17 00:00:00 2001
From: fumingwei <fumingwei@geedgenetworks.com>
Date: Sat, 18 Sep 2021 15:33:17 +0800
Subject: [PATCH] =?UTF-8?q?feature:=E5=9C=A8provision.default.yml=E4=B8=AD?=
 =?UTF-8?q?=E6=96=B0=E5=A2=9Eddos=E7=9B=B8=E5=85=B3=E9=85=8D=E7=BD=AE?=
 =?UTF-8?q?=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ansible/roles/firewall/templates/main.conf.j2.j2          | 8 ++++----
 .../config_sample/provision.default.yml.7400MCN0P01R01    | 4 ++++
 .../config_sample/provision.default.yml.9000NPBP01R01     | 4 ++++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/firewall/templates/main.conf.j2.j2 b/ansible/roles/firewall/templates/main.conf.j2.j2
index 99a5188d..7f2913f6 100644
--- a/ansible/roles/firewall/templates/main.conf.j2.j2
+++ b/ansible/roles/firewall/templates/main.conf.j2.j2
@@ -122,10 +122,10 @@ mv_depth=4
 mv_width=13660
 timestemp=5
 min_report_threshold=150
-tcp_flood_thresh="0.0008"
-udp_flood_thresh="0.0008"
-icmp_flood_thresh="0.0008"
-dns_flood_thresh="0.0008"
+tcp_flood_thresh="{{ ddossketch.tcp_flood_report_thresh }}"
+udp_flood_thresh="{{ ddossketch.udp_flood_report_thresh }}"
+icmp_flood_thresh="{{ ddossketch.icmp_flood_report_thresh }}"
+dns_flood_thresh="{{ ddossketch.dns_flood_report_thresh }}"
 
 {% if PROFILE_ID == '9000-NPB-P01R01' %}
 [TRAFFIC_MIRROR]
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
index 60f257e9..6b493d11 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
@@ -22,6 +22,10 @@ wannat:
 
 ddossketch:
   enable: 1
+  tcp_flood_report_thresh: 0.0008
+  udp_flood_report_thresh: 0.0008
+  icmp_flood_report_thresh: 0.0008
+  dns_flood_report_thresh: 0.0008
 
 app:
   identify_by:
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
index 52c59f4b..cb0aac49 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
@@ -21,6 +21,10 @@ wannat:
 
 ddossketch:
   enable: 1
+  tcp_flood_report_thresh: 0.0008
+  udp_flood_report_thresh: 0.0008
+  icmp_flood_report_thresh: 0.0008
+  dns_flood_report_thresh: 0.0008
 
 app:
   identify_by: