jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-29 10:45:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-01-12 10:14

Browse Source
This commit is contained in:
Daniel Berteaud
2022-01-12 10:14:43 +01:00
parent 898ae43de4
commit e73f05f073
22 changed files with 61 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
roles/ssh/tasks/iptables.yml
View File

@@ -4,9 +4,14 @@
iptables_raw:
name: sshd_limit
rules: |
-A INPUT -p tcp -m state --state NEW -m multiport --dports {{ sshd_ports | join(',') }} -m recent --name ssh_limit --set
-A INPUT -p tcp -m state --state NEW -m multiport --dports {{ sshd_ports | join(',') }} -m recent --name ssh_limit --rcheck --seconds 60 --hitcount {{ sshd_max_conn_per_minute }} -j LOG --log-prefix "Firewall (ssh limit): "
-A INPUT -p tcp -m state --state NEW -m multiport --dports {{ sshd_ports | join(',') }} -m recent --name ssh_limit --rcheck --seconds 60 --hitcount {{ sshd_max_conn_per_minute }} -j REJECT
-N SSH_LIMIT
{% if trusted_ip is defined and trusted_ip | length > 0 %}
-A SSH_LIMIT -s {{ trusted_ip | join(',') }} -j RETURN
{% endif %}
-A SSH_LIMIT -m recent --name ssh_limit --set
-A SSH_LIMIT -m recent --name ssh_limit --rcheck --seconds 60 --hitcount {{ sshd_max_conn_per_minute }} -j LOG --log-prefix "Firewall (ssh limit): "
-A SSH_LIMIT -m recent --name ssh_limit --rcheck --seconds 60 --hitcount {{ sshd_max_conn_per_minute }} -j REJECT
-A INPUT -p tcp -m state --state NEW -m multiport --dports {{ sshd_ports | join(',') }} -j SSH_LIMIT
state: "{{ (sshd_max_conn_per_minute > 0) | ternary('present','absent') }}"
weight: 10
tags: ssh,firewall