class roles::security_mirror {
include roles::archvsync_base
+ # security abusers
+ # 198.108.67.48 DoS against our rsync service
+ @ferm::rule { 'dsa-security-abusers':
+ prio => "005",
+ rule => "saddr ( 198.108.67.48/32 ) DROP",
+ }
+
$binds = $::hostname ? {
mirror-anu => [ '150.203.164.61', '[2001:388:1034:2900::3d]' ],
- mirror-bytemark => [ '5.153.231.46', '[2001:41c8:1000:21::21:46]' ],
- mirror-conova => [ '217.196.149.233', '[2a02:16a8:dc41:100::233]' ],
mirror-isc => [ '149.20.4.14', '[2001:4f8:1:c::14]' ],
mirror-umn => [ '128.101.240.215', '[2607:ea00:101:3c0b::1deb:215]' ],
+ schmelzer => [ '217.196.149.233', '[2a02:16a8:dc41:100::233]' ],
default => [ '[::]' ],
}
roles::mirror_health { 'security':
check_hosts => $hosts_to_check,
check_service => 'security',
- url => 'http://security.backend.mirrors.debian.org/debian/dists/sid/Release',
+ url => 'http://security.backend.mirrors.debian.org/debian-security/dists/stable/updates/Release',
health_url => 'http://security.backend.mirrors.debian.org/_health',
}