config client-guardian 'config'
	option enabled '1'
	option default_policy 'quarantine'
	option quarantine_zone 'quarantine'
	option scan_interval '30'
	option auto_approve '0'
	option log_level 'info'
	# Dashboard Reactiveness
	option auto_refresh '1'
	option refresh_interval '10'
	# Debug Mode
	option debug_enabled '0'
	option debug_level 'INFO'
	option enable_active_scan '1'
	# Auto-Zoning / Auto-Parking
	option auto_zoning_enabled '1'
	option auto_parking_zone 'guest'
	option auto_parking_approve '0'

# Alert Configuration
config alerts 'alerts'
	option enabled '1'
	option new_client_alert '1'
	option banned_attempt_alert '1'
	option quota_exceeded_alert '1'
	option suspicious_activity_alert '1'

config email 'email'
	option enabled '0'
	option smtp_server 'smtp.gmail.com'
	option smtp_port '587'
	option smtp_user ''
	option smtp_password ''
	option smtp_tls '1'
	option from_address 'guardian@router.local'
	list recipients ''

config sms 'sms'
	option enabled '0'
	option provider 'twilio'
	option api_key ''
	option api_secret ''
	option from_number ''
	list recipients ''

# Network Zones
config zone 'lan_private'
	option name 'LAN Privé'
	option description 'Réseau local de confiance'
	option network 'lan'
	option color '#22c55e'
	option icon 'home'
	option internet_access '1'
	option local_access '1'
	option inter_client '1'
	option bandwidth_limit '0'
	option time_restrictions '0'
	option content_filter 'none'

config zone 'iot'
	option name 'IoT'
	option description 'Objets connectés isolés'
	option network 'iot'
	option color '#f59e0b'
	option icon 'cpu'
	option internet_access '1'
	option local_access '0'
	option inter_client '0'
	option bandwidth_limit '10'
	option time_restrictions '0'
	option content_filter 'none'

config zone 'kids'
	option name 'Enfants'
	option description 'Accès filtré pour enfants'
	option network 'lan'
	option color '#06b6d4'
	option icon 'child'
	option internet_access '1'
	option local_access '1'
	option inter_client '1'
	option bandwidth_limit '50'
	option time_restrictions '1'
	option content_filter 'kids'
	option schedule_start '08:00'
	option schedule_end '21:00'
	list schedule_days 'mon'
	list schedule_days 'tue'
	list schedule_days 'wed'
	list schedule_days 'thu'
	list schedule_days 'fri'
	list schedule_days 'sat'
	list schedule_days 'sun'

config zone 'guest'
	option name 'Invités'
	option description 'Accès Internet limité'
	option network 'guest'
	option color '#8b5cf6'
	option icon 'users'
	option internet_access '1'
	option local_access '0'
	option inter_client '0'
	option bandwidth_limit '25'
	option time_restrictions '0'
	option content_filter 'adult'

config zone 'wan'
	option name 'Internet Seul'
	option description 'Accès Internet uniquement - pas d accès au réseau local'
	option network 'wan'
	option color '#ef4444'
	option icon 'globe'
	option internet_access '1'
	option local_access '0'
	option inter_client '0'
	option bandwidth_limit '0'
	option time_restrictions '0'
	option content_filter 'none'

config zone 'quarantine'
	option name 'Quarantaine'
	option description 'Clients non approuvés'
	option network 'quarantine'
	option color '#ef4444'
	option icon 'shield-alert'
	option internet_access '0'
	option local_access '0'
	option inter_client '0'
	option bandwidth_limit '1'

config zone 'blocked'
	option name 'Bloqué'
	option description 'Clients bannis'
	option network 'null'
	option color '#1f2937'
	option icon 'ban'
	option internet_access '0'
	option local_access '0'
	option inter_client '0'

# Content Filters
config filter 'kids_filter'
	option name 'Filtre Enfants'
	option type 'whitelist'
	list categories 'education'
	list categories 'kids'
	list categories 'games_safe'
	list blocked_categories 'adult'
	list blocked_categories 'violence'
	list blocked_categories 'gambling'
	list blocked_categories 'drugs'
	list blocked_categories 'weapons'
	option safe_search '1'
	option youtube_restricted '1'

config filter 'adult_filter'
	option name 'Filtre Adulte'
	option type 'blacklist'
	list blocked_categories 'malware'
	list blocked_categories 'phishing'
	list blocked_categories 'illegal'
	option safe_search '0'

config filter 'strict_filter'
	option name 'Filtre Strict'
	option type 'whitelist'
	list allowed_domains ''
	option block_all_else '1'

# URL Lists
config urllist 'whitelist_global'
	option name 'Liste Blanche Globale'
	option type 'whitelist'
	list urls 'google.com'
	list urls 'wikipedia.org'
	list urls 'education.gouv.fr'

config urllist 'blacklist_global'
	option name 'Liste Noire Globale'
	option type 'blacklist'
	list urls ''

# Parental Schedules
config schedule 'school_hours'
	option name 'Heures Scolaires'
	option enabled '0'
	option action 'block'
	option start_time '08:00'
	option end_time '16:00'
	list days 'mon'
	list days 'tue'
	list days 'wed'
	list days 'thu'
	list days 'fri'

config schedule 'night_block'
	option name 'Blocage Nocturne'
	option enabled '1'
	option action 'block'
	option start_time '22:00'
	option end_time '07:00'
	list days 'mon'
	list days 'tue'
	list days 'wed'
	list days 'thu'
	list days 'fri'
	list days 'sat'
	list days 'sun'

config schedule 'weekend_limit'
	option name 'Limite Weekend'
	option enabled '0'
	option action 'quota'
	option daily_quota '180'
	list days 'sat'
	list days 'sun'

# Threat Intelligence Integration
config threat_policy 'threat_policy'
	option enabled '1'
	option auto_ban_threshold '80'
	option auto_quarantine_threshold '60'
	option threat_check_interval '60'

# Example Known Clients
config client 'client_example1'
	option name 'PC Bureau Papa'
	option mac 'AA:BB:CC:DD:EE:01'
	option zone 'lan_private'
	option status 'approved'
	option first_seen '2024-12-01 10:00:00'
	option last_seen '2024-12-20 15:30:00'
	option notes 'Ordinateur principal'
	option static_ip '192.168.1.10'

config client 'client_example2'
	option name 'Tablette Enfant'
	option mac 'AA:BB:CC:DD:EE:02'
	option zone 'kids'
	option status 'approved'
	option first_seen '2024-12-05 14:00:00'
	option last_seen '2024-12-20 14:00:00'
	option daily_quota '120'
	option notes 'Tablette de Marie'

config client 'client_example3'
	option name 'Caméra Salon'
	option mac 'AA:BB:CC:DD:EE:03'
	option zone 'iot'
	option status 'approved'
	option first_seen '2024-11-15 09:00:00'
	option notes 'Caméra IP Xiaomi'
	option static_ip '192.168.1.50'

config client 'client_banned'
	option name 'Intrus Détecté'
	option mac 'AA:BB:CC:DD:EE:99'
	option zone 'blocked'
	option status 'banned'
	option first_seen '2024-12-18 03:00:00'
	option ban_reason 'Tentative intrusion'
	option ban_date '2024-12-18 03:05:00'

# Auto-Zoning Rules
# Rules are evaluated in order, first match wins

# IoT Devices - Chinese brands
config auto_zone_rule 'rule_xiaomi'
	option enabled '1'
	option name 'Xiaomi Devices'
	option match_type 'vendor'
	option match_value 'Xiaomi'
	option target_zone 'iot'
	option auto_approve '0'
	option priority '10'

config auto_zone_rule 'rule_tuya'
	option enabled '1'
	option name 'Tuya Smart Devices'
	option match_type 'vendor'
	option match_value 'Tuya'
	option target_zone 'iot'
	option auto_approve '0'
	option priority '10'

config auto_zone_rule 'rule_tp_link'
	option enabled '1'
	option name 'TP-Link Smart Home'
	option match_type 'vendor'
	option match_value 'TP-Link'
	option target_zone 'iot'
	option auto_approve '0'
	option priority '10'

# Mobile devices - Kids tablets
config auto_zone_rule 'rule_kids_tablet'
	option enabled '1'
	option name 'Kids Tablets'
	option match_type 'hostname'
	option match_pattern 'tablet-.*|.*-kid.*|samsung-tab-kid'
	option target_zone 'kids'
	option auto_approve '1'
	option priority '20'

# Guest devices - Temporary
config auto_zone_rule 'rule_guest_android'
	option enabled '1'
	option name 'Guest Android Phones'
	option match_type 'hostname'
	option match_pattern 'android-.*|Galaxy-.*|Pixel-.*'
	option target_zone 'guest'
	option auto_approve '0'
	option priority '30'

config auto_zone_rule 'rule_guest_iphone'
	option enabled '1'
	option name 'Guest iPhones'
	option match_type 'hostname'
	option match_pattern 'iPhone.*|iPad.*'
	option target_zone 'guest'
	option auto_approve '0'
	option priority '30'

# Trusted devices - Apple ecosystem
config auto_zone_rule 'rule_apple_trusted'
	option enabled '0'
	option name 'Apple Devices (Trusted)'
	option match_type 'vendor'
	option match_value 'Apple'
	option target_zone 'lan_private'
	option auto_approve '1'
	option priority '40'

# IoT Cameras
config auto_zone_rule 'rule_cameras'
	option enabled '1'
	option name 'IP Cameras'
	option match_type 'hostname'
	option match_pattern '.*camera.*|.*cam.*|ipcam.*|IPCam.*'
	option target_zone 'iot'
	option auto_approve '0'
	option priority '15'

