tunneldigger-broker: add rate-limit hook
author Perry Melange <isprotejesvalkata@gmail.com>
Thu, 17 Aug 2023 20:45:19 +0000 (22:45 +0200)
committer Nick Hainke <vincent@systemli.org>
Wed, 23 Aug 2023 11:46:32 +0000 (13:46 +0200)
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
(cherry picked from commit 0d1085fe9eae61d96ae69c80d3e44a9f36e21cb7)

net/tunneldigger-broker/files/hook-connection-rate-limit [new file with mode: 0755]

diff --git a/net/tunneldigger-broker/files/hook-connection-rate-limit b/net/tunneldigger-broker/files/hook-connection-rate-limit
new file mode 100755 (executable)
index 0000000..813c380
--- /dev/null
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+ENDPOINT_IP="$1"
+ENDPOINT_PORT="$2"
+UUID="$3"
+
+# This assumes that an ipset was created with something like
+# ```
+# ipset create create tunneldigger_blocked hash:ip family inet timeout 300
+# ```
+# and that a firewall rule like the following uses the ipset to block connections:
+# ```
+# -A INPUT -m set --match-set tunneldigger_blocked src -j DROP
+# ```
+
+#ipset add tunneldigger_blocked "$ENDPOINT_IP"
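Review bot: as shipped this hook is a no-op, because its only action on the last line, `#ipset add tunneldigger_blocked "$ENDPOINT_IP"`, is commented out, so the broker will run it for every connection and nothing is ever blocked; either enable the line, or say in the header comment that the file is a template the operator must edit, and gate the action on a config variable rather than a commented-out command. When it is enabled, `ipset add` without `-exist` exits non-zero if the address is already in the set, and with `set -e` the hook then fails on any repeat offender, so `ipset add -exist tunneldigger_blocked "$ENDPOINT_IP"` is the safer form. Smaller points in the same hunk: the documented setup command `ipset create create tunneldigger_blocked hash:ip family inet timeout 300` repeats `create` and fails if copied verbatim; `ENDPOINT_PORT` and `UUID` are assigned but never used; and since the script uses only POSIX shell constructs, `#!/bin/sh` would avoid requiring bash on OpenWrt unless the package already declares that dependency.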