From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 19 Jul 2019 14:05:22 +0000 (+0200)
Subject: Block 198.108.67.48 from security mirrors for breaking rsync
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=afe8043a8dcc9ea09763565b40d9ba061b68ba36;p=mirror%2Fdsa-puppet.git

Block 198.108.67.48 from security mirrors for breaking rsync
---

diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp
index 20de54785..a949cfe39 100644
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -1,6 +1,13 @@
 class roles::security_mirror {
 	include roles::archvsync_base
 
+	# security abusers
+	#  198.108.67.48 DoS against our rsync service
+	@ferm::rule { 'dsa-security-abusers':
+		prio  => "005",
+		rule  => "saddr ( 198.108.67.48/32 ) DROP",
+	}
+
 	$binds = $::hostname ? {
 		mirror-anu      => [ '150.203.164.61', '[2001:388:1034:2900::3d]' ],
 		mirror-isc      => [ '149.20.4.14', '[2001:4f8:1:c::14]' ],