From c53e891a4124c40c5167745cd8f89e9501827de6 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 21 Aug 2018 15:48:53 +0200
Subject: [PATCH 1/1] blacklist more amazon aws

---
 modules/roles/manifests/snapshot_web.pp | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/modules/roles/manifests/snapshot_web.pp b/modules/roles/manifests/snapshot_web.pp
index 8ffa4d87a..a965136bc 100644
--- a/modules/roles/manifests/snapshot_web.pp
+++ b/modules/roles/manifests/snapshot_web.pp
@@ -4,11 +4,24 @@ class roles::snapshot_web {
 
 	# snapshot abusers
 	#  61.69.254.110 - 20180705, mirroring with wget
-	#  18.185.157.46  - 20180821 large amount of requests way too fast
-	#  18.194.174.202 - 20180821 large amount of requests way too fast
+	# 20180821 large amount of requests way too fast from some amazon AWS instances
+	#  18.185.157.46
+	#  18.194.174.202
+	#  18.184.181.169
+	#  18.184.5.230
+	#  18.194.137.96
+	#  18.197.147.183
+	#  3.120.39.137
+	#  3.120.41.69
+	#  35.158.129.130
+	#  52.59.199.25
+	#  52.59.228.158
+	#  52.59.245.42
+	#  52.59.253.41
+	#  52.59.71.13
 	@ferm::rule { 'dsa-snapshot-abusers':
 		prio  => "000",
-		rule  => "saddr (61.69.254.110 18.185.157.46 18.194.174.202) DROP",
+		rule  => "saddr (61.69.254.110 18.185.157.46 18.194.174.202 18.184.181.169 18.184.5.230 18.194.137.96 18.197.147.183 3.120.39.137 3.120.41.69 35.158.129.130 52.59.199.25 52.59.228.158 52.59.245.42 52.59.253.41 52.59.71.13) DROP",
 	}
 
 	ensure_packages ( [
-- 
2.20.1