From 0d1085fe9eae61d96ae69c80d3e44a9f36e21cb7 Mon Sep 17 00:00:00 2001
From: Perry Melange
Date: Thu, 17 Aug 2023 22:45:19 +0200
Subject: [PATCH] tunneldigger-broker: add rate-limit hook

Signed-off-by: Perry Melange
---
 .../files/hook-connection-rate-limit | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100755 net/tunneldigger-broker/files/hook-connection-rate-limit

diff --git a/net/tunneldigger-broker/files/hook-connection-rate-limit b/net/tunneldigger-broker/files/hook-connection-rate-limit
new file mode 100755
index 000000000..813c38029
--- /dev/null
+++ b/net/tunneldigger-broker/files/hook-connection-rate-limit
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+ENDPOINT_IP="$1"
+ENDPOINT_PORT="$2"
+UUID="$3"
+
+# This assumes that an ipset was created with something like
+# ```
+# ipset create create tunneldigger_blocked hash:ip family inet timeout 300
+# ```
+# and that a firewall rule like the following uses the ipset to block connections:
+# ```
+# -A INPUT -m set --match-set tunneldigger_blocked src -j DROP
+# ```
+
+#ipset add tunneldigger_blocked "$ENDPOINT_IP"
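Review bot: The setup example in the header comment has a doubled word, `ipset create create tunneldigger_blocked ...`, which as written would not create the set that the firewall rule below refers to; it should read `# ipset create tunneldigger_blocked hash:ip family inet timeout 300`. The only action line is commented out, so the hook as committed does nothing, and `ENDPOINT_PORT` and `UUID` are assigned but never used; a one-line comment stating that the operator must uncomment the last line after creating the set would make that explicit. Once enabled, `set -e` makes the hook exit non-zero whenever the address is already in the set, so `ipset -exist add tunneldigger_blocked "$ENDPOINT_IP"` is the safer form. The sample rule drops all traffic from the address rather than only broker traffic, and the set is `family inet`, so the comment should also say that the rule is best scoped to the broker's port and that IPv6 endpoints are not covered.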