snapshot-web: remove AWS block

Let's try and see if the rate-limiting makes things bearable.

diff --git a/modules/roles/manifests/snapshot_web.pp b/modules/roles/manifests/snapshot_web.pp
index cee2b94..627ea9d 100644 (file)
--- a/modules/roles/manifests/snapshot_web.pp
+++ b/modules/roles/manifests/snapshot_web.pp
@@ -30,7 +30,7 @@ class roles::snapshot_web {
   # 20181222, excessive number of requests
   #  208.91.68.213
   # 198.11.128.0/18
-  # running jugdo against snapshot
+  # running jigdo against snapshot
   #  159.226.95.0/24
   #  84.204.194.0/24
   #  211.13.205.0/24
@@ -48,7 +48,7 @@ class roles::snapshot_web {
   #  74.121.137.108
   ferm::rule { 'dsa-snapshot-abusers':
     prio => '005',
-    rule => 'saddr (61.69.254.110 18.128.0.0/9 3.120.0.0/14 35.156.0.0/14 52.58.0.0/15 99.137.191.34 51.15.215.91 208.91.68.213 198.11.128.0/18 159.226.95.0/24 84.204.194.0/24 211.13.205.0/24 63.32.0.0/14 54.72.0.0/15 95.115.66.23 52.192.0.0/11 54.72.0.0/15 34.192.0.0/10 34.240.0.0/13 52.192.0.0/11 90.44.107.223 195.154.173.12 74.121.137.108) DROP',
+    rule => 'saddr (61.69.254.110 99.137.191.34 51.15.215.91 208.91.68.213 198.11.128.0/18 159.226.95.0/24 84.204.194.0/24 211.13.205.0/24 95.115.66.23 90.44.107.223 195.154.173.12 74.121.137.108) DROP',
   }
 
   # rate limit accesses.  The chain is set up by the apache module and allow happens at prio 90.