X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Ffiles%2Fferm.conf;h=5f77ce48530fb0a42ce3e63f195229299b8764f1;hb=430f438a0312c6d9a3f85470effce83d168ea7ed;hp=a88d797c0bd4bdef6d95aa1a3d965168a6d9f44b;hpb=64a21cac5ec18a35ff2e4f61d7e645ff1ad13961;p=dsa-puppet.git
diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index a88d797c..5f77ce48 100644
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -16,8 +16,8 @@ domain ip {
 }
 chain log_or_drop {
- mod hashlimit hashlimit-name ulogreject hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject;
- mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second ULOG ulog-prefix "DROP: ";
+ mod hashlimit hashlimit-name ulogreject hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second jump log_and_reject;
+ mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second ULOG ulog-prefix "DROP: ";
 DROP;
 }
@@ -32,8 +32,8 @@ domain ip6 {
 }
 chain log_or_drop {
- mod hashlimit hashlimit-name logreject hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second jump log_and_reject;
- mod hashlimit hashlimit-name loglogdrop hashlimit-mode srcip hashlimit-burst 30 hashlimit 15/second LOG log-prefix "DROP: ";
+ mod hashlimit hashlimit-name logreject hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second jump log_and_reject;
+ mod hashlimit hashlimit-name loglogdrop hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second LOG log-prefix "DROP: ";
 DROP;
 }
 }
@@ -63,4 +63,7 @@ domain (ip ip6) {
 jump log_or_drop;
 }
 }
+
+@hook post "umask 0177; iptables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/iptables-ferm.checksum";
+@hook post "umask 0177; ip6tables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/ip6tables-ferm.checksum";
 # vim:set et:
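Review bot: Both rules in `log_or_drop` limit per source address (`hashlimit-mode srcip`), so the new 1/second rate bounds what one host can trigger but not the total; traffic from many sources still yields one reject and one log line per source per second. The chain also has no comment explaining its two stages, which matters more now that the limits are tight. I would add above the first rule something like `# per source: up to 1/s goes to log_and_reject, the excess is logged at up to 1/s, the rest is dropped silently`. If the aim of the change is to cap overall log volume, a global `mod limit` match in front of the ULOG line would be needed as well. The same applies to the `domain ip6` hunk; `log_and_reject` is defined outside this hunk, so its own logging cost is not visible here.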
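Review bot: In the `domain ip6` chain the hashlimit buckets are keyed on the full source address, because no `hashlimit-srcmask` is given. A single IPv6 host usually controls a whole /64, so it can get a fresh bucket for every address it uses, and the 1/second limit on rejects and log lines does not really constrain it. Grouping by prefix closes that gap, e.g. `mod hashlimit hashlimit-name logreject hashlimit-mode srcip hashlimit-srcmask 64 hashlimit-burst 10 hashlimit 1/second jump log_and_reject;` and the same on the `loglogdrop` line. The enclosing `domain ip6` block starts outside the hunk.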
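Review bot: The two `@hook post` pipelines write a checksum even when `iptables-save` or `ip6tables-save` fails, because the shell reports only the exit status of `sha256sum`. The file then holds the hash of empty or partial output, and whatever compares against it (presumably a monitoring check, not visible here) gets a misleading baseline. The redirect also truncates the target in place, so a reader running at the same moment can see an empty file. I would save the ruleset to a variable or temporary file first, stop if that step fails, and finish with a rename, e.g. `... | sha256sum > /var/run/iptables-ferm.checksum.tmp && mv /var/run/iptables-ferm.checksum.tmp /var/run/iptables-ferm.checksum`. A short comment saying that the `sed` strips packet counters and the timestamp comments, so that only rule changes alter the hash, would also help the next reader.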