# 20181222, excessive number of requests
# 208.91.68.213
# 198.11.128.0/18
+ # running jugdo against snapshot
+ # 159.226.95.0/24
+ # 84.204.194.0/24
+ # 211.13.205.0/24
+ # 20190512 tens of thousands of queries
+ # 63.32.0.0/14
+ # 95.115.66.23
@ferm::rule { 'dsa-snapshot-abusers':
prio => "005",
- rule => "saddr (61.69.254.110 18.128.0.0/9 3.120.0.0/14 35.156.0.0/14 52.58.0.0/15 99.137.191.34 51.15.215.91 208.91.68.213 198.11.128.0/18) DROP",
+ rule => "saddr (61.69.254.110 18.128.0.0/9 3.120.0.0/14 35.156.0.0/14 52.58.0.0/15 99.137.191.34 51.15.215.91 208.91.68.213 198.11.128.0/18 159.226.95.0/24 84.204.194.0/24 211.13.205.0/24 63.32.0.0/14 95.115.66.23) DROP",
}
ensure_packages ( [
@ferm::rule { 'dsa-snapshot-connlimit':
domain => '(ip ip6)',
prio => "005",
- rule => "proto tcp mod state state (NEW) daddr (${ipv4addr} ${ipv6addr}) mod multiport destination-ports (80 443) mod connlimit connlimit-above 3 DROP;
- proto tcp mod state state (NEW) dport 6081 mod connlimit connlimit-above 3 DROP
+ rule => "proto tcp mod state state (NEW) interface ! lo daddr (${ipv4addr} ${ipv6addr}) mod multiport destination-ports (80 443) mod connlimit connlimit-above 3 DROP;
+ proto tcp mod state state (NEW) interface ! lo dport 6081 mod connlimit connlimit-above 3 DROP
",
}