Use generic ratelimiter and relax limit
This commit is contained in:
parent
170fc79261
commit
01f7a89269
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
. ../APKBUILD-config.template
|
. ../APKBUILD-config.template
|
||||||
|
|
||||||
pkgver=2022.06.07.01
|
pkgver=2022.06.17.01
|
||||||
pkgrel=0
|
pkgrel=0
|
||||||
options="!check" # check requires root?
|
options="!check" # check requires root?
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,3 @@
|
||||||
# Ban if connection attempts are still made over the limit
|
# Ban if connection attempts are still made over the limit
|
||||||
ct state new meter ban4 { ip saddr timeout 10m limit rate over 1/second burst 50 packets } update @blackhole4 { ip saddr timeout 1h } counter;
|
ct state new meter ban4 { ip saddr timeout 10m limit rate over 2/second burst 60 packets } update @blackhole4 { ip saddr timeout 1h } counter reject;
|
||||||
ct state new meter ban6 { ip6 saddr timeout 10m limit rate over 1/second burst 50 packets } update @blackhole6 { ip6 saddr timeout 1h } counter;
|
ct state new meter ban6 { ip6 saddr timeout 10m limit rate over 2/second burst 60 packets } update @blackhole6 { ip6 saddr timeout 1h } counter reject;
|
||||||
|
|
||||||
ct state new meter drop4 { ip saddr timeout 10m limit rate over 1/second } counter reject;
|
|
||||||
ct state new meter drop6 { ip6 saddr timeout 10m limit rate over 1/second } counter reject;
|
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
tcp dport { 143, 993 } ct state new meter dovecot4 { ip saddr timeout 1h limit rate over 2/minute burst 20 packets } update @blackhole4 { ip saddr timeout 1h } counter;
|
|
||||||
tcp dport { 143, 993 } ct state new meter dovecot6 { ip6 saddr timeout 1h limit rate over 2/minute burst 20 packets } update @blackhole6 { ip6 saddr timeout 1h } counter;
|
|
|
@ -1,2 +0,0 @@
|
||||||
tcp dport { 25, 465, 587 } ct state new meter postfix4 { ip saddr timeout 1h limit rate over 2/minute burst 20 packets } update @blackhole4 { ip saddr timeout 1h } counter;
|
|
||||||
tcp dport { 25, 465, 587 } ct state new meter postfix6 { ip6 saddr timeout 1h limit rate over 2/minute burst 20 packets } update @blackhole6 { ip6 saddr timeout 1h } counter;
|
|
Loading…
Reference in New Issue