The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com
firewall: Add support for "recent" iptables module
To allow for rate limiting SSH attempts for example:
/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
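An added example, not part of the original ticket or the puppetlabs-firewall code: a simplified Python model of how the two rules above treat repeated NEW connections to port 22. It assumes both commands are run in the order shown, so the --update rule (inserted last with -I) ends up first in INPUT; the class and function names are hypothetical and the client address is a constructed sample.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # xt_recent default ip_pkt_list_tot: timestamps kept per address


class RecentList:
    """Simplified model of one xt_recent list (the rules above use the default list)."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: record the source address and a timestamp; always matches.
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match when the address already has
        # at least N timestamps within the last S seconds; refresh only on match.
        seen = self.stamps.get(src)
        if not seen:
            return False
        hits = sum(1 for t in seen if t >= now - seconds)
        if hits >= hitcount:
            seen.append(now)
            return True
        return False


def simulate(attempts, seconds=60, hitcount=4):
    """attempts: (time_in_seconds, source_ip) pairs for NEW connections to tcp/22.
    Returns one verdict per attempt: DROP, or PASS (falls through to later rules)."""
    recent = RecentList()
    verdicts = []
    for now, src in attempts:
        # Rule 1: the --update rule. It was inserted last with -I, so it sits first.
        if recent.update(src, now, seconds, hitcount):
            verdicts.append("DROP")
            continue
        # Rule 2: the --set rule has no target, so the packet continues afterwards.
        recent.set(src, now)
        verdicts.append("PASS")
    return verdicts


if __name__ == "__main__":
    # Constructed sample: one client (documentation address) retrying every 10 s.
    burst = [(t, "192.0.2.10") for t in range(0, 80, 10)]
    for (t, src), verdict in zip(burst, simulate(burst)):
        print(f"t={t:>3}s {src} {verdict}")
```

With this rule order four connections pass and the fifth is dropped, and because each dropped attempt refreshes the entry, a client that keeps retrying stays blocked until it has been quiet for 60 seconds.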
#5 Updated by Jack Neely about 2 years ago
We require the recent module to rate limit by IP address connections to the SSH port. I’ve done some additional work that can be found here:
This is in production and appears to work with git head.
Also, the following helped a bunch to get all the bits in place.
#6 Updated by Ken Barber almost 2 years ago
- Status changed from Accepted to Closed
Hiya … I’ve fallen behind a bit on all this work, also the bug tracker is moving to here: https://github.com/puppetlabs/puppet-firewall/issues. I’ve managed to move what I still think is relevant and merge up items that are related. Consider this a slight declaration of ‘ticket debt’. If you think your issue isn’t represented in the new tracker feel free to open a new one.
Apologies for any confusion :-).
#7 Updated by Ken Barber almost 2 years ago
Sorry – the new URL is actually: http://github.com/puppetlabs/puppetlabs-firewall/issues … thanks @Wolfspyre.