Main settings (kor-elf-shield.toml)

By default, the main settings are located here:

/etc/kor-elf-shield/kor-elf-shield.toml

But you can also run the program via the --config flag and specify your path. For example:

kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml start

This should be changed in /etc/systemd/system/kor-elf-shield.service

[Unit]
Description=kor-elf-shield
After=network.target

[Service]
-ExecStart=/usr/sbin/kor-elf-shield start
-ExecStop=/usr/sbin/kor-elf-shield stop
+ExecStart=/usr/sbin/kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml start
+ExecStop=/usr/sbin/kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml stop

[Install]
WantedBy=sysinit.target

And edit /etc/kor-elf-shield.logrotate

/var/log/kor-elf-shield.log {
    rotate 3
    weekly
    compress
    maxsize 100M
    missingok
    notifempty
    postrotate
-        /usr/sbin/kor-elf-shield reopen_logger
+        /usr/sbin/kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml reopen_logger
    endscript
}

A copy of the full settings file (kor-elf-shield.toml) is located here.

There are several sections in this file:

Basic settings
Log
OS-specific settings
Paths to other settings

Basic settings

These settings should be located at the beginning of the file before the sections: "Log", "OS-specific settings", "Paths to other settings".

***
Parameter	testing
Meaning	true or false
By default	true
Description	Enables the test mode. If the test mode is enabled, then after the minutes specified in the "testing_interval" parameter, the program with clearing rules from nftables will shut down. true - includes false - turns it off
Examples	`testing = true` `testing = false`
Parameter	testing_interval
Meaning	from 1 to 30,000
By default	5
Description	Specify in minutes how long the program running in test mode will shut down.
Examples	`testing_interval = 1` `testing_interval = 5` `testing_interval = 60` `testing_interval = 30000`
***
Parameter	language
Meaning	ru, kk, en
By default	ru
Description	We specify the language. Does not affect logs. Logs are written in English. Currently, the following languages are supported: ru - Russian kk - Kazakh en - English
Examples	`language = "ru"` `language = "kk"` `language = "en"`
***
Parameter	fallback_language
Meaning	ru, kk, en
By default	ru
Description	The second language, in case the current language doesn't have a translation. All the values that the language parameter has are available. But we recommend specifying "ru" or "en".
Examples	`language = "ru"` `language = "en"`
***
Parameter	pid_file
Meaning	Specifying the path to the file
By default	/var/run/kor-elf-shield/kor-elf-shield.pid
Description	The path where the pid file will be created. The path must be absolute. The relative path will cause an error! You must specify .pid at the end.
Examples	`pid_file = "/var/run/kor-elf-shield/kor-elf-shield.pid"`
***
Parameter	socket_file
Meaning	Specify the path to the file
By default	/var/run/kor-elf-shield/kor-elf-shield.sock
Description	The path where the socket file will be created. The path must be absolute. The relative path will cause an error! You must specify .sock at the end.
Examples	`socket_file = "/var/run/kor-elf-shield/kor-elf-shield.sock"`

Log

To specify the parameters for this section, you must first specify [log], and then specify the remaining parameters of this section. Example:

[log]
enabled = true
level = "info"

***
Parameter	enabled
Meaning	true or false
By default	true
Description	Includes logs. true - includes false - turns it off
Examples	`enabled = true` `enabled = false`
Parameter	level
Meaning	debug, info, warn, error, fatal
By default	info
Description	Logging level: debug logs are for debugging and it is recommended not to select them in production. info - Detailed management of the lair. Records information about starting, stopping, etc. warn - Warnings about potentially problematic situations that do not interfere with the operation of the application, but require attention. error - Errors that occurred during operation, but did not cause the program to stop. fatal - Critical errors, after which the program will shut down.
Examples	`level = "debug"` `level = "info"` `level = "warn"` `level = "error"` `level = "fatal"`
***
Parameter	development
Meaning	true or false
By default	false
Description	It is needed for debugging in test environments. It should always be turned off in production. true - includes false - turns it off
Examples	`development = false` `development = true`
***
Parameter	encoding
Meaning	json or text
By default	json
Description	In what format should the data be written to the log?: json - In the json format. text - In plain text format. Each parameter in the log will be separated by a space. (not recommended)
Examples	`encoding = json` `encoding = text`
***
Parameter	paths
Meaning	Specifying the paths to the log
By default	["/var/log/kor-elf-shield.log"]
Description	A list of locations for the main logs. You can specify several paths. The path must be absolute. The relative path will cause an error! You must specify .log at the end. The exception of "stdout" and "stderr" is data output to the console. If we change the standard value, it is recommended to view and edit the /etc/logrotate.d/kor-elf-shield file to the new paths.
Examples	`paths = ["/var/log/kor-elf-shield.log"]` `paths = ["/var/log/kor-elf-shield.log", "stdout"]` `paths = ["/var/log/kor-elf-shield.log", "/mnt/other-server/kor-elf-shield.log", "stdout"]`
***
Parameter	log_error_paths
Meaning	Specifying the paths to the log
By default	["stderr"]
Description	A list of locations for logging errors. For example, the logger could not record some data. You can specify several paths. The path must be absolute. The relative path will cause an error! You must specify .log at the end. The exception of "stdout" and "stderr" is data output to the console. If we change the standard value, it is recommended to view and edit the /etc/logrotate.d/kor-elf-shield file to the new paths.
Examples	`paths = ["stderr"]` `paths = ["/var/log/kor-elf-shield-error.log", "stderr"]` `paths = ["/var/log/kor-elf-shield-error.log", "/mnt/other-server/kor-elf-shield-error.log", "stderr"]`

OS-specific settings

To specify the parameters for this section, you must first specify [binaryLocations], and then specify the remaining parameters of this section. Example:

[binaryLocations]
nftables = "/usr/sbin/nft"

Parameter	nftables
Meaning	Specifying the path to nftables
By default	/usr/sbin/nft
Description	Specify the path to nftables. Perhaps the path may be different in your OS.
Examples	`nftables = "/usr/sbin/nft"`

Paths to other settings

To specify the parameters for this section, you must first specify [otherSettingsPath], and then specify the other parameters of this section. Example:

[otherSettingsPath]
firewall = "/etc/kor-elf-shield/firewall.toml"

Parameter	firewall
Meaning	Specifying the path to the settings for the firewall
By default	/etc/kor-elf-shield/firewall.toml
Description	Specify the path to the firewall settings. In these settings, we specify which ports to open or close. Which IP addresses should be blocked or vice versa, so that they would never be blocked. The path must be absolute. The relative path will cause an error! You must specify .toml at the end. You can read about the firewall settings here.
Examples	`firewall = "/etc/kor-elf-shield/firewall.toml"`