X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Ffiles%2Fferm.conf;h=5b38e34c31723e0379157a63e1dad0a9e8e390e6;hb=ee2c3a95c7c4accc34846a4f33097535f2b9f4b0;hp=5f6e159f67145ba6119fb0bd85989921791869bc;hpb=15ccade5b7bd26ed13178eda5cb183fcf6c10a1b;p=mirror%2Fdsa-puppet.git diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf index 5f6e159f6..5b38e34c3 100644 --- a/modules/ferm/files/ferm.conf +++ b/modules/ferm/files/ferm.conf @@ -16,8 +16,8 @@ domain ip { } chain log_or_drop { - mod hashlimit hashlimit-name ulogreject hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject; - mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second ULOG ulog-prefix "DROP: "; + mod hashlimit hashlimit-name ulogreject hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second jump log_and_reject; + mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second ULOG ulog-prefix "DROP: "; DROP; } @@ -32,8 +32,8 @@ domain ip6 { } chain log_or_drop { - mod hashlimit hashlimit-name logreject hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject; - mod hashlimit hashlimit-name loglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second LOG log-prefix "DROP: "; + mod hashlimit hashlimit-name logreject hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second jump log_and_reject; + mod hashlimit hashlimit-name loglogdrop hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second LOG log-prefix "DROP: "; DROP; } } @@ -41,7 +41,7 @@ domain ip6 { domain (ip ip6) { table filter { chain INPUT { - policy DROP; + policy ACCEPT; mod state state (ESTABLISHED RELATED) ACCEPT; interface lo ACCEPT; proto icmp ACCEPT;