diff manifests/templates.pp @ 64:3bb824dabaae puppet-3.6
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
Less painful than I expected :)
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 13 Sep 2015 20:48:18 +0100 |
parents | c2f66d0f2a43 |
children | 33682e5b34fc |
--- a/manifests/templates.pp Sun Sep 13 19:48:35 2015 +0100 +++ b/manifests/templates.pp Sun Sep 13 20:48:18 2015 +0100 @@ -84,6 +84,12 @@ } class { ['my_fw::pre', 'my_fw::post']: } class { 'firewall': } + firewall { '010 Whitelist Googlebot': + source => '66.249.64.0/19', + port => [80,443], + proto => tcp, + action => accept, + } firewallchain { 'GREATFIREWALLOFCHINA:filter:IPv4': ensure => present, } @@ -91,6 +97,13 @@ chain => 'INPUT', jump => 'GREATFIREWALLOFCHINA', } + firewallchain { 'Fail2Ban:filter:IPv4': + ensure => present, + } + firewall { '060 Check Fail2Ban': + chain => 'INPUT', + jump => 'Fail2Ban', + } firewall { '100 allow https and http': port => [80, 443], proto => tcp,
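Review bot: In the first hunk (`@@ -84,6 +84,12 @@`), the `010 Whitelist Googlebot` rule hard-codes `66.249.64.0/19` with no comment saying where the range came from or when it was last checked. Because it is numbered ahead of both the `GREATFIREWALLOFCHINA` jump and the new `060 Check Fail2Ban` jump, any host in that /19 skips both chains, so a stale range is a silent bypass. Suggest moving the CIDR into a named variable or parameter with a comment on its source. Also, `port` in puppetlabs-firewall matches source or destination port, so `dport => [80,443]` would limit the exemption to traffic addressed to the web ports. The existing `100 allow https and http` rule uses `port` the same way and could be changed with it.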
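Review bot: In the second hunk (`@@ -91,6 +97,13 @@`), `firewallchain { 'Fail2Ban:filter:IPv4': ensure => present }` says nothing about how Puppet should treat rules it did not create inside that chain. Fail2Ban's bans are added at runtime, so if unmanaged firewall rules are purged elsewhere in the manifests, each Puppet run would clear the active bans. Worth confirming the purge behaviour and stating it explicitly on the chain (for example `purge => false`). A short comment would also help, noting that the Fail2Ban action configuration must target a chain named `Fail2Ban`, since nothing in this hunk ties the two together. Both the new chain and the `060 Check Fail2Ban` jump are IPv4 only; if the host accepts IPv6 traffic, it needs its own equivalent.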