Config Reference¶
Auto-generated from the ShieldFileConfig model. Unknown keys are rejected at load time (extra='forbid').
Top-level keys¶
| Key | Type | Default | Description |
|---|---|---|---|
mode |
Literal | "auto" |
Firewall mode. auto selects the best available; hook forces OCI hook mode. |
default_profiles |
list of string | [] |
Allowlist profiles applied when no explicit list is given. |
loopback_ports |
list of integer | [] |
TCP ports forwarded to host loopback via pasta -T. |
interactive |
boolean | false |
Enable interactive NFLOG approval mode |
audit:¶
| Key | Type | Default | Description |
|---|---|---|---|
enabled |
boolean | true |
Write per-container JSONL audit logs. |
Example¶
config.yml
# Firewall mode. auto selects the best available; hook forces OCI hook mode.
mode: auto
# Allowlist profiles applied when no explicit list is given.
default_profiles: []
# TCP ports forwarded to host loopback via pasta -T.
loopback_ports: []
# Enable interactive NFLOG approval mode
interactive: false
# Audit logging settings
audit:
# Write per-container JSONL audit logs.
enabled: true