projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bugs role cleanup
[mirror/dsa-puppet.git]
/
modules
/
roles
/
manifests
/
security_mirror.pp
diff --git
a/modules/roles/manifests/security_mirror.pp
b/modules/roles/manifests/security_mirror.pp
index
89c1e19
..
4534a46
100644
(file)
--- a/
modules/roles/manifests/security_mirror.pp
+++ b/
modules/roles/manifests/security_mirror.pp
@@
-1,12
+1,18
@@
class roles::security_mirror {
include roles::archvsync_base
class roles::security_mirror {
include roles::archvsync_base
+ # security abusers
+ # 198.108.67.48 DoS against our rsync service
+ ferm::rule { 'dsa-security-abusers':
+ prio => "005",
+ rule => "saddr ( 198.108.67.48/32 ) DROP",
+ }
+
$binds = $::hostname ? {
mirror-anu => [ '150.203.164.61', '[2001:388:1034:2900::3d]' ],
$binds = $::hostname ? {
mirror-anu => [ '150.203.164.61', '[2001:388:1034:2900::3d]' ],
- mirror-bytemark => [ '5.153.231.46', '[2001:41c8:1000:21::21:46]' ],
- mirror-conova => [ '217.196.149.233', '[2a02:16a8:dc41:100::233]' ],
mirror-isc => [ '149.20.4.14', '[2001:4f8:1:c::14]' ],
mirror-umn => [ '128.101.240.215', '[2607:ea00:101:3c0b::1deb:215]' ],
mirror-isc => [ '149.20.4.14', '[2001:4f8:1:c::14]' ],
mirror-umn => [ '128.101.240.215', '[2607:ea00:101:3c0b::1deb:215]' ],
+ schmelzer => [ '217.196.149.233', '[2a02:16a8:dc41:100::233]' ],
default => [ '[::]' ],
}
default => [ '[::]' ],
}
@@
-25,7
+31,7
@@
class roles::security_mirror {
roles::mirror_health { 'security':
check_hosts => $hosts_to_check,
check_service => 'security',
roles::mirror_health { 'security':
check_hosts => $hosts_to_check,
check_service => 'security',
- url => 'http://security.backend.mirrors.debian.org/debian
/dists/sid
/Release',
+ url => 'http://security.backend.mirrors.debian.org/debian
-security/dists/stable/updates
/Release',
health_url => 'http://security.backend.mirrors.debian.org/_health',
}
health_url => 'http://security.backend.mirrors.debian.org/_health',
}