From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 30 Oct 2018 09:45:11 +0000 (+0100)
Subject: move DROP blacklists to ferm prio 005, after munin
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=a7fa44d2c4bbcd3b21aced2e9c2a5db83014529a;p=mirror%2Fdsa-puppet.git

move DROP blacklists to ferm prio 005, after munin
---

diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index 0e94dd87e..8e60d7c1d 100644
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -11,7 +11,7 @@ class roles::security_tracker {
 	#  66.170.99.1  20180706 excessive number of requests
 	#  66.170.99.2  20180706 excessive number of requests
 	@ferm::rule { 'dsa-sectracker-abusers':
-		prio  => "000",
+		prio  => "005",
 		rule  => "saddr (66.170.99.1 66.170.99.2) DROP",
 	}
 
diff --git a/modules/roles/manifests/snapshot_web.pp b/modules/roles/manifests/snapshot_web.pp
index 1e7b44f56..56b1a44bd 100644
--- a/modules/roles/manifests/snapshot_web.pp
+++ b/modules/roles/manifests/snapshot_web.pp
@@ -22,7 +22,7 @@ class roles::snapshot_web {
 	# 20180821 mirroring
 	#  99.137.191.34
 	@ferm::rule { 'dsa-snapshot-abusers':
-		prio  => "000",
+		prio  => "005",
 		rule  => "saddr (61.69.254.110 18.128.0.0/9 3.120.0.0/14 35.156.0.0/14 52.58.0.0/15 99.137.191.34) DROP",
 	}