Merge branch 'master' of github.com:domify/registry

Martin Lensment 2015-05-26 18:01:19 +03:00
commit 19742b2da5
4 changed files with 16 additions and 6 deletions

@ -1,5 +1,6 @@
25.05.2015
* Added iptables counter commant to application-example.yml
* Add update application.yml with correct `sk_digi_doc_service_endpoint`
22.05.2015

@ -98,6 +98,7 @@ class EppController < ApplicationController
@response = render_to_string(*args)
render xml: @response
write_to_epp_log
iptables_counter_update
end
# VALIDATION
@ -282,4 +283,8 @@ class EppController < ApplicationController
end
# rubocop: enable Metrics/PerceivedComplexity
# rubocop: enable Metrics/CyclomaticComplexity
def iptables_counter_update
`ENV['iptables_counter_update_command']` if ENV['iptables_counter_update_command'].present?
end
end
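Review bot: The backtick literal in `iptables_counter_update` has no `#{}` interpolation, so the shell receives the text `ENV['iptables_counter_update_command']` instead of the configured command and the firewall counter is never updated. Read the value once and run it explicitly, for example `cmd = ENV['iptables_counter_update_command']` followed by `system(cmd) || logger.warn('iptables counter update failed') if cmd.present?`, so a failing command shows up in the log. The call added in the first hunk sits in the method that renders the XML response, so once fixed the command runs synchronously through a shell on every EPP response. The configured value should therefore be a fixed absolute path, and if it needs root the application user should get only a narrow sudo rule for that one command. Both enclosing definitions start or end outside the hunks shown.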

@ -9,6 +9,7 @@ legal_documents_dir: 'import/legal_documents'
# Example: 'Admin, EPP, REPP' will have name 'Admin, EPP, REPP - production' at New Relic.
new_relic_app_name: 'Admin, EPP, REPP, Registrar, Registrant'
# You can use `rake secret` to generate a secure secret key.
# Your secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
@ -29,6 +30,9 @@ webclient_cert_common_name: 'webclient'
# and returns 2306 "Parameter value policy error"
contact_org_enabled: 'false'
# Firewall countrer update command
# iptables_counter_update_command: ''
# DEPP server configuration (both for Registrar/Registrant servers)
show_ds_data_fields: 'false'
default_nameservers_count: '2'
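Review bot: The comment added above `iptables_counter_update_command` is misspelled ("countrer") and does not tell the operator how the value is used. Since the controller change in this commit hands the value to a shell from the EPP response path, the example should say so, for instance `# Firewall counter update command; run through the shell after each EPP response.` followed by `# Use a fixed absolute path and keep this file writable only by the deploy user.`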

@ -64,10 +64,10 @@ IPT=/sbin/iptables
SECONDS=60
# Max connections per IP
BLOCKCOUNT=100
# default action can be DROP or REJECT
# default action can be DROP or REJECT or something else.
DACTION="REJECT"
$IPT -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
$IPT -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
$IPT -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --rcheck --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
````
#### EPP
@ -80,10 +80,10 @@ IPT=/sbin/iptables
SECONDS=60
# Max connections per IP
BLOCKCOUNT=100
# default action can be DROP or REJECT
# default action can be DROP or REJECT or something else.
DACTION="REJECT"
$IPT -A INPUT -p tcp --dport 700 -i eth0 -m state --state NEW -m recent --set
$IPT -A INPUT -p tcp --dport 700 -i eth0 -m state --state NEW -m recent --update --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
$IPT -A INPUT -p tcp --dport 700 -i eth0 -m state --state NEW -m recent --rcheck --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
````
#### Whois
@ -96,9 +96,9 @@ IPT=/sbin/iptables
SECONDS=60
# Max connections per IP
BLOCKCOUNT=100
# default action can be DROP or REJECT
# default action can be DROP or REJECT or something else.
DACTION="REJECT"
$IPT -A INPUT -p tcp --dport 43 -i eth0 -m state --state NEW -m recent --set
$IPT -A INPUT -p tcp --dport 43 -i eth0 -m state --state NEW -m recent --update --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
$IPT -A INPUT -p tcp --dport 43 -i eth0 -m state --state NEW -m recent --rcheck --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
````