drop things from 66.170.99.[12]

author Peter Palfrader <peter@palfrader.org>

Fri, 6 Jul 2018 09:38:38 +0000 (11:38 +0200)

committer Peter Palfrader <peter@palfrader.org>

Fri, 6 Jul 2018 09:38:38 +0000 (11:38 +0200)
author Peter Palfrader <peter@palfrader.org>
Fri, 6 Jul 2018 09:38:38 +0000 (11:38 +0200)
committer Peter Palfrader <peter@palfrader.org>
Fri, 6 Jul 2018 09:38:38 +0000 (11:38 +0200)
diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp

index eafe924..c3a8c74 100644 (file)
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -3,6 +3,15 @@ class roles::security_tracker {
         include apache2::proxy_http
         include apache2::expires
  
+       # security-tracker abusers
+       #  66.170.99.1  20189796 excessive number of requests
+       #  66.170.99.2  20189796 excessive number of requests
+       @ferm::rule { 'dsa-sectracker-abusers':
+               prio  => "000",
+               rule  => "saddr (66.170.99.1 66.170.99.2) DROP",
+       }
+
+
         ssl::service { 'security-tracker.debian.org':
                 notify  => Exec['service apache2 reload'],
                 key => true,
author	Peter Palfrader <peter@palfrader.org>
	Fri, 6 Jul 2018 09:38:38 +0000 (11:38 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Fri, 6 Jul 2018 09:38:38 +0000 (11:38 +0200)