Add tighter firewall ratelimits
parent
ec990cd379
commit
20aa4addc1
|
@ -3,7 +3,7 @@
|
|||
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2022.02.04.05
|
||||
pkgver=2022.03.10.01
|
||||
pkgrel=0
|
||||
options="!check" # check requires root?
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
iifname "eth0" limit rate 10 mbytes/second burst 100 mbytes ct state new meter global4 { ip saddr timeout 10m limit rate over 1/second burst 30 packets } update @blackhole4 { ip saddr } counter;
|
||||
iifname "eth0" limit rate 10 mbytes/second burst 100 mbytes ct state new meter global6 { ip6 saddr timeout 10m limit rate over 1/second burst 30 packets } update @blackhole6 { ip6 saddr } counter;
|
||||
iifname "eth0" ct state new meter global4 { ip saddr timeout 6h limit rate over 20/minute burst 60 packets } update @blackhole4 { ip saddr } counter;
|
||||
iifname "eth0" ct state new meter global6 { ip6 saddr timeout 6h limit rate over 20/minute burst 60 packets } update @blackhole6 { ip6 saddr } counter;
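Review bot: Both rules key the meter and the blackhole update on the source address of a `ct state new` packet, which is seen before any handshake completes, and the global rules are not restricted to TCP, so the address being penalised is unverified and forged traffic could get an unrelated host added to @blackhole4 or @blackhole6. This assumes the 6h / 20-per-minute pair is the new side, since the page lost its +/- markers. An allowlist rule for management and monitoring addresses ahead of these lines, plus a bounded `size` and `timeout` on the blackhole sets (their definition is not in this hunk), would limit the impact of a false positive. The IPv6 rule also tracks every /128 separately, so one /64 gets many independent budgets; keying on the prefix, e.g. `meter global6 { ip6 saddr and ffff:ffff:ffff:ffff:: timeout 6h limit rate over 20/minute burst 60 packets }`, closes that gap. The same applies to dovecot6 and postfix6 in the later hunks.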
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
tcp dport { 143, 993 } ct state new meter dovecot4 { ip saddr timeout 10m limit rate over 4/minute burst 10 packets } update @blackhole4 { ip saddr } counter;
|
||||
tcp dport { 143, 993 } ct state new meter dovecot6 { ip6 saddr timeout 10m limit rate over 4/minute burst 10 packets } update @blackhole6 { ip6 saddr } counter;
|
||||
tcp dport { 143, 993 } ct state new meter dovecot4 { ip saddr timeout 1h limit rate over 2/minute burst 20 packets } update @blackhole4 { ip saddr } counter;
|
||||
tcp dport { 143, 993 } ct state new meter dovecot6 { ip6 saddr timeout 1h limit rate over 2/minute burst 20 packets } update @blackhole6 { ip6 saddr } counter;
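Review bot: The tightened `limit rate over 2/minute burst 20 packets` with a 1h tracking window counts every new IMAP connection, not failed logins. A mail client that opens one connection per folder, or several users behind one NAT address, can therefore use up the burst and land in @blackhole4 without a single authentication failure. The rule carries no comment stating that intent or the expected client behaviour; a line above it such as `# IMAP: >2 new conns/min per source (burst 20, tracked 1h) -> blackhole; counts connections, not auth failures` would make the trade-off visible to the next editor. If the goal is to slow password guessing, Dovecot's own authentication penalty and log-based blocking are the more precise signal, with this rule kept as a coarse backstop.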
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
tcp dport { 25, 465, 587 } ct state new meter postfix4 { ip saddr timeout 10m limit rate over 4/minute burst 20 packets } update @blackhole4 { ip saddr } counter;
|
||||
tcp dport { 25, 465, 587 } ct state new meter postfix6 { ip6 saddr timeout 10m limit rate over 4/minute burst 20 packets } update @blackhole6 { ip6 saddr } counter;
|
||||
tcp dport { 25, 465, 587 } ct state new meter postfix4 { ip saddr timeout 1h limit rate over 2/minute burst 20 packets } update @blackhole4 { ip saddr } counter;
|
||||
tcp dport { 25, 465, 587 } ct state new meter postfix6 { ip6 saddr timeout 1h limit rate over 2/minute burst 20 packets } update @blackhole6 { ip6 saddr } counter;
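Review bot: Port 25 shares one meter with the submission ports 465 and 587, but port 25 carries server-to-server delivery, where a large provider's outbound relay may open far more than 2 new connections per minute from one address. With the 1h tracking window such a relay would end up in @blackhole4 and its mail would be deferred or bounced. Splitting the rule so that `tcp dport 25` gets its own meter with a looser limit (or is left to Postfix's `smtpd_client_connection_rate_limit`), while `tcp dport { 465, 587 }` keeps the tight one, would preserve the brute-force protection for authenticated submission. How long an address stays blackholed depends on the set definition, which is outside this hunk.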
|
||||
|
|