Files
@ 4a3c8915f967
Branch filter:
Location: majic-ansible-roles/roles/common/templates/00-base.conf.j2 - annotation
4a3c8915f967
1.4 KiB
text/plain
MAR-80: Added support to wsgi_website and php_website roles to specify list of e-mails or accounts that should receive mails delivered to role's administrator/application users. Updated application users in both roles to use same home directory as the admin. Added .keep file for docs/_static in order to avoid warnings when building documentation.
941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 | table filter {
chain INPUT {
policy DROP;
interface lo ACCEPT;
# Make sure not to allow flooding via ICMP ping packages by sending them
# to flood chain before state module kicks in.
proto icmp icmp-type echo-request jump flood;
mod state state (ESTABLISHED RELATED) ACCEPT;
# For TCP packages we perform floods checks after state module took care
# of established and related connections.
proto tcp tcp-flags (FIN SYN RST ACK) SYN jump flood;
# Accept some common incoming connections.
proto icmp icmp-type echo-request ACCEPT;
proto tcp dport 22 ACCEPT;
}
# The flood chain is used for controlling the rate of the incoming connections.
chain flood {
# Rate-limit the ping requests.
proto icmp icmp-type echo-request {
mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
hashlimit-mode srcip hashlimit-name icmp RETURN;
DROP;
}
# Rate-limit the TCP connections.
proto tcp tcp-flags (FIN SYN RST ACK) SYN {
mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
hashlimit-mode srcip hashlimit-name icmp RETURN;
LOG;
DROP;
}
}
}
|