From 46ea9bb4bf14c39be3fc2c7029efa14272467822 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 6 Jul 2018 11:38:38 +0200
Subject: [PATCH] drop things from 66.170.99.[12]

---
 modules/roles/manifests/security_tracker.pp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index eafe92436..c3a8c749d 100644
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -3,6 +3,15 @@ class roles::security_tracker {
 	include apache2::proxy_http
 	include apache2::expires
 
+	# security-tracker abusers
+	#  66.170.99.1  20189796 excessive number of requests
+	#  66.170.99.2  20189796 excessive number of requests
+	@ferm::rule { 'dsa-sectracker-abusers':
+		prio  => "000",
+		rule  => "saddr (66.170.99.1 66.170.99.2) DROP",
+	}
+
+
 	ssl::service { 'security-tracker.debian.org':
 		notify  => Exec['service apache2 reload'],
 		key => true,
-- 
2.20.1