# nDPId Configuration for SecuBox
# /etc/config/ndpid

config ndpid 'main'
	option enabled '1'
	option user 'nobody'
	option group 'nogroup'
	# Interfaces to monitor (space-separated)
	list interface 'br-lan'
	# Collector socket path
	option collector_socket '/var/run/ndpid/collector.sock'
	# Enable packet capture
	option pcap_filter ''
	# Max flows to track
	option max_flows '100000'
	# Flow idle timeout (ms)
	option flow_idle_timeout '600000'
	# TCP flow timeout (ms)
	option tcp_timeout '7200000'
	# UDP flow timeout (ms)
	option udp_timeout '180000'
	# Enable compression
	option compression '1'

config ndpisrvd 'distributor'
	option enabled '1'
	# Listen socket for consumers
	option listen_socket '/var/run/ndpid/distributor.sock'
	# TCP listen port (0 = disabled)
	option tcp_port '7000'
	option tcp_address '127.0.0.1'
	# Max clients
	option max_clients '10'

config ndpid 'compat'
	# Enable Netifyd compatibility layer
	option enabled '1'
	# Output paths (Netifyd-compatible)
	option status_file '/var/run/netifyd/status.json'
	option flows_file '/tmp/ndpid-flows.json'
	# Update interval (seconds)
	option update_interval '1'

config actions 'actions'
	# Enable flow actions (ipset/nftables)
	option enabled '0'
	# BitTorrent detection
	option bittorrent_ipset 'secubox-bittorrent'
	option bittorrent_timeout '900'
	# Streaming services
	option streaming_ipset 'secubox-streaming'
	option streaming_timeout '1800'
	# Blocked categories
	option blocked_ipset 'secubox-blocked'
	option blocked_timeout '3600'
	# List of blocked applications
	list blocked_app 'bittorrent'
	list blocked_app 'tor'