added configuration variable documentation and filename documentation

README.md

@@ -112,6 +112,8 @@ services:
       - TZ="Europe/Rome"
     volumes:
       - ./config.yaml:/app/config.yaml:ro
+      # bind mount for firewall exporters
+      - ./exports:/app/exports
       - krawl-data:/app/data
     restart: unless-stopped
 
@@ -204,6 +206,7 @@ Krawl uses a **configuration hierarchy** in which **environment variables take p
 | `KRAWL_DASHBOARD_SECRET_PATH` | Custom dashboard path | Auto-generated |
 | `KRAWL_PROBABILITY_ERROR_CODES` | Error response probability (0-100%) | `0` |
 | `KRAWL_DATABASE_PATH` | Database file location | `data/krawl.db` |
+| `KRAWL_EXPORTS_PATH` | Path where firewalls rule sets are exported | `exports` |
 | `KRAWL_DATABASE_RETENTION_DAYS` | Days to retain data in database | `30` |
 | `KRAWL_HTTP_RISKY_METHODS_THRESHOLD` | Threshold for risky HTTP methods detection | `0.1` |
 | `KRAWL_VIOLATED_ROBOTS_THRESHOLD` | Threshold for robots.txt violations | `0.1` |

docs/firewall-exporters.md

@@ -14,6 +14,8 @@ class Iptables{ }
 note for Iptables "implements the getBanlist method for iptables rules"
 ```
 
+Rule sets are generated trough the `top_attacking_ips__export-malicious-ips` that writes down the files in the `exports_path` configuration path. Files are named after the specific firewall that they implement as `[firewall]_banlist.txt` except for raw file that is called `malicious_ips.txt` to support legacy
+
 ## Adding firewalls exporters
 
 To add a firewall exporter create a new python class in `src/firewall` that implements `FWType` class