more amazon networks to blacklist

[mirror/dsa-puppet.git] / modules / roles / manifests / security_tracker.pp

diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index 0e94dd8..1e93e29 100644 (file)
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -4,14 +4,14 @@ class roles::security_tracker {
        include apache2::expires
 
        apache2::module { 'cache_disk':
-               ensure => present,
+               ensure => absent,
        }
 
        # security-tracker abusers
        #  66.170.99.1  20180706 excessive number of requests
        #  66.170.99.2  20180706 excessive number of requests
        @ferm::rule { 'dsa-sectracker-abusers':
-               prio  => "000",
+               prio  => "005",
                rule  => "saddr (66.170.99.1 66.170.99.2) DROP",
        }