jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-29 10:45:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-13 19:00

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-13 19:00:18 +01:00
parent c699767808
commit e43d9bc96c
14 changed files with 185 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
roles/ssh/tasks/iptables.yml Normal file
View File

@@ -0,0 +1,19 @@
---
- name: Apply rate limits
iptables_raw:
name: sshd_limit
rules: |
-A INPUT -p tcp -m state --state NEW -m multiport --dports {{ sshd_ports | join(',') }} -m recent --name ssh_limit --set
-A INPUT -p tcp -m state --state NEW -m multiport --dports {{ sshd_ports | join(',') }} -m recent --name ssh_limit --rcheck --seconds 60 --hitcount {{ sshd_max_conn_per_minute }} -j LOG --log-prefix "Firewall (ssh limit): "
-A INPUT -p tcp -m state --state NEW -m multiport --dports {{ sshd_ports | join(',') }} -m recent --name ssh_limit --rcheck --seconds 60 --hitcount {{ sshd_max_conn_per_minute }} -j REJECT
state: "{{ (sshd_max_conn_per_minute > 0) | ternary('present','absent') }}"
weight: 10
tags: ssh,firewall
- name: Handle ssh ports
iptables_raw:
name: sshd_ports
state: "{{ (sshd_src_ip is defined and sshd_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state new -p tcp -m multiport --dports {{ sshd_ports | join(',') }} -s {{ sshd_src_ip | flatten | join(',') }} -j ACCEPT"
tags: ssh,firewall