- rsync::site { 'security':
- source => 'puppet:///modules/roles/security_mirror/rsyncd.conf',
- max_clients => 100,
- binds => $binds,
- }
-
- $onion_v4_addr = $::hostname ? {
- mirror-anu => '150.203.164.61',
- mirror-isc => '149.20.4.14',
- mirror-umn => '128.101.240.215',
- villa => '212.211.132.32',
- lobos => '212.211.132.250',
- default => undef,
- }
- if has_role('security_mirror_onion') {
- if ! $onion_v4_addr {
- fail("Do not have an onion_v4_addr set for $::hostname.")
- }
-
- onion::service { 'security.debian.org':
- port => 80,
- target_port => 80,
- target_address => $onion_v4_addr,
- }
- }
+ # security abusers
+ # 198.108.67.48 DoS against our rsync service
+ ferm::rule { 'dsa-security-abusers':
+ prio => '005',
+ rule => 'saddr ( 198.108.67.48/32 ) DROP',
+ }