# 52.59.245.42
# 52.59.253.41
# 52.59.71.13
+ # 20180821 mirroring
+ # 99.137.191.34
+ # 20181110 crawler
+ # 51.15.215.91
+ # 20181222, excessive number of requests
+ # 208.91.68.213
+ # 198.11.128.0/18
+ # running jugdo against snapshot
+ # 159.226.95.0/24
+ # 84.204.194.0/24
+ # 211.13.205.0/24
+ # 20190512 tens of thousands of queries
+ # 63.32.0.0/14
+ # 95.115.66.23
@ferm::rule { 'dsa-snapshot-abusers':
- prio => "000",
- rule => "saddr (61.69.254.110 18.194.0.0/15 18.196.0.0/15 3.120.0.0/14 35.156.0.0/14 52.58.0.0/15) DROP",
+ prio => "005",
+ rule => "saddr (61.69.254.110 18.128.0.0/9 3.120.0.0/14 35.156.0.0/14 52.58.0.0/15 99.137.191.34 51.15.215.91 208.91.68.213 198.11.128.0/18 159.226.95.0/24 84.204.194.0/24 211.13.205.0/24 63.32.0.0/14 95.115.66.23) DROP",
}
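Review bot: The new `rule =>` line replaces `18.194.0.0/15 18.196.0.0/15` with `18.128.0.0/9`, which spans 18.128.0.0–18.255.255.255 and so blocks far more than the two removed ranges; unlike the other additions it has no dated comment explaining why. As written the rule has no protocol or port match, so every packet from a listed source is dropped, not only snapshot web traffic. That makes an over-broad prefix costly and hard to trace later. I would add a line to the comment list such as `# <YYYYMMDD> widened 18.194.0.0/15 and 18.196.0.0/15 to 18.128.0.0/9: <reason>` (placeholders to fill in), or keep the narrower prefixes if the wider range was not actually seen misbehaving. The comment list appears to start above the visible lines, so I could not check whether the remaining entries in the rule string are documented there.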
ensure_packages ( [
}
}
+ @ferm::rule { 'dsa-snapshot-connlimit':
+ domain => '(ip ip6)',
+ prio => "005",
+ rule => "proto tcp mod state state (NEW) interface ! lo daddr (${ipv4addr} ${ipv6addr}) mod multiport destination-ports (80 443) mod connlimit connlimit-above 3 DROP;
+ proto tcp mod state state (NEW) interface ! lo dport 6081 mod connlimit connlimit-above 3 DROP
+ ",
+ }
+
# varnish cache
###############
@ferm::rule { 'dsa-nat-snapshot-varnish-v4':
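Review bot: `connlimit-above 3` in the added `dsa-snapshot-connlimit` rule counts connections per single source address, because no `connlimit-mask` is given. In the `ip6` domain that is a per-/128 limit, which does not constrain a client that holds a whole prefix. IPv4 clients behind a shared NAT or proxy, by contrast, share one budget of three connections and have further SYNs silently dropped. I would split the rule per domain so the IPv6 variant can use `mod connlimit connlimit-above 3 connlimit-mask 64 DROP`, and add a comment recording why 3 was chosen. It is also worth confirming that ferm::rule filters `${ipv4addr}` and `${ipv6addr}` by address family when `domain => '(ip ip6)'` is set, since the same `daddr` list is emitted for both.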