Commit b5f1fb49 authored by Gabriel Detraz's avatar Gabriel Detraz

Limit à 400 connexions UDP par seconde, burst à 800 et 400 tcp par minute

parent 29f84e3b
......@@ -26,6 +26,7 @@ class firewall(base.firewall_routeur):
'filtrage_ports' : self.filtrage_ports,
'limitation_debit' : self.limitation_debit,
'limit_ssh_connexion' : self.limit_ssh_connexion,
'limit_connexion' : self.limit_connexion,
'tunnel_6in4' : self.tunnel_6in4,
'challenge_letsencrypt': self.challenge_letsencrypt,
})
......@@ -121,6 +122,7 @@ class firewall(base.firewall_routeur):
self.add(table, chain, '-j %s' % self.connexion_wififederez(table))
self.add(table, chain, '-j %s' % self.ingress_filtering(table))
self.add(table, chain, '-j %s' % self.limit_ssh_connexion(table, ttl=30, counter_name="SSH2"))
self.add(table, chain, '-j %s' % self.limit_connexion(table))
self.add(table, chain, '-i %s -j %s' % (dev['out'], self.filtrage_ports(table)))
self.add(table, chain, '-o %s -j %s' % (dev['out'], self.filtrage_ports(table)))
return
......@@ -170,6 +172,19 @@ class firewall(base.firewall_routeur):
self.apply(table, chain)
return chain
def limit_connexion(self, table=None, apply=False):
chain = 'LIMIT-CONNEXION'
if table == 'filter':
pretty_print(table, chain)
self.add(table, chain, '-p udp -m limit --limit 400/sec --limit-burst 800 -j RETURN')
self.add(table, chain, '-p tcp -m state --state NEW -m limit --limit 400/min --limit-burst 800 -j RETURN')
print OK
if apply:
self.apply(table, chain)
return chain
def test_mac_ip(self, table=None, fill_ipset=False, apply=False):
chain = super(self.__class__, self).test_mac_ip()
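Review bot: The LIMIT-CONNEXION chain built in the new limit_connexion method only holds two `-j RETURN` rules for traffic that is still under the limit; packets that exceed the rate match neither rule and fall off the end of the user-defined chain, which hands them back to the calling chain exactly as RETURN does, so unless a later rule in the caller drops them (not visible in this hunk) the limit has no effect. A terminating rule appended after the two limit rules, `self.add(table, chain, '-j DROP')`, is what makes the rate limit bite, and it is worth stating in a comment that the chain is meant to be used with `-j RETURN` under limit / drop over limit, as the caller at `-j %s' % self.limit_connexion(table)` relies on that. Note also that `-m limit` keeps a single global token bucket, so one noisy source can exhaust the 400/sec UDP budget for every host behind the router; if the intent is a per-client limit, `-m hashlimit --hashlimit-mode srcip` is the matching construct. The UDP rule counts every UDP packet rather than new flows, so once a DROP is in place 400/sec is quite aggressive for DNS-heavy traffic; a short comment recording why 400/sec and 400/min were chosen would help the next person tuning it.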