WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-19 19:46:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

proxies: block a ip that was hitting release-monitoring.org a lot

Browse Source 
This ip had hit release-monitoring.org like 5,000,000 times in the
course of a few hours and swamped it's web pod.

Lets block it for now and see if anyone complains.
If this is you: please add some rate limiting.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
2026-02-13 08:46:24 -08:00
parent a943654af2
commit c4bdfcc897
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
inventory/group_vars/proxies
View File

@@ -84,6 +84,7 @@ nft_block_rules:
- 'add rule ip filter INPUT ip saddr 101.47.184.0/21 counter reject' - 'add rule ip filter INPUT ip saddr 101.47.184.0/21 counter reject'
- 'add rule ip filter INPUT ip saddr 101.47.185.0/24 counter reject' - 'add rule ip filter INPUT ip saddr 101.47.185.0/24 counter reject'
- 'add rule ip filter INPUT ip saddr 101.47.186.0/23 counter reject' - 'add rule ip filter INPUT ip saddr 101.47.186.0/23 counter reject'
- 'add rule ip filter INPUT ip saddr 34.159.191.146/32 counter reject'
nft_custom_rules: nft_custom_rules:
# Need for rsync from log01 for logs. # Need for rsync from log01 for logs.
- 'add rule ip filter INPUT ip saddr 10.16.163.39 tcp dport 873 counter accept' - 'add rule ip filter INPUT ip saddr 10.16.163.39 tcp dport 873 counter accept'