From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 6 Jul 2018 09:38:38 +0000 (+0200)
Subject: drop things from 66.170.99.[12]
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=46ea9bb4bf14c39be3fc2c7029efa14272467822

drop things from 66.170.99.[12]
---

diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index eafe92436..c3a8c749d 100644
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -3,6 +3,15 @@ class roles::security_tracker {
 	include apache2::proxy_http
 	include apache2::expires
 
+	# security-tracker abusers
+	#  66.170.99.1  20189796 excessive number of requests
+	#  66.170.99.2  20189796 excessive number of requests
+	@ferm::rule { 'dsa-sectracker-abusers':
+		prio  => "000",
+		rule  => "saddr (66.170.99.1 66.170.99.2) DROP",
+	}
+
+
 	ssl::service { 'security-tracker.debian.org':
 		notify  => Exec['service apache2 reload'],
 		key => true,