Merge branch 'master' of github.com:domify/registry
This commit is contained in:
commit
7facd58f31
98 changed files with 1811 additions and 36 deletions
|
@ -42,8 +42,7 @@ Please install following lib, otherwise your bundler install might not be succes
|
|||
|
||||
### Firewall rate limit config
|
||||
|
||||
First increase the maximum possible value for the hitcount parameter
|
||||
from its default value of 20 by setting the option
|
||||
First increase the maximum possible value form 20 to 100 of the hitcount parameter.
|
||||
ip_pkt_list_tot of the xt_recent kernel module.
|
||||
This can be done by creating an ip_pkt_list_tot.conf file in /etc/modeprobe.d/ which contains:
|
||||
|
||||
|
@ -53,7 +52,6 @@ options xt_recent ip_pkt_list_tot=100
|
|||
|
||||
Once the file is created, reload the xt_recent kernel module via modprobe -r xt_recent && modprobe xt_recent or reboot the system.
|
||||
|
||||
|
||||
#### Registrar, REPP, Restful-whois
|
||||
|
||||
````
|
||||
|
@ -70,22 +68,6 @@ $IPT -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
|
|||
$IPT -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --rcheck --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
|
||||
````
|
||||
|
||||
#### EPP
|
||||
|
||||
````
|
||||
#!/bin/bash
|
||||
# Inspired and credits to Vivek Gite: http://www.cyberciti.biz/faq/iptables-connection-limits-howto/
|
||||
IPT=/sbin/iptables
|
||||
# Max connection in seconds
|
||||
SECONDS=60
|
||||
# Max connections per IP
|
||||
BLOCKCOUNT=100
|
||||
# default action can be DROP or REJECT or something else.
|
||||
DACTION="REJECT"
|
||||
$IPT -A INPUT -p tcp --dport 700 -i eth0 -m state --state NEW -m recent --set
|
||||
$IPT -A INPUT -p tcp --dport 700 -i eth0 -m state --state NEW -m recent --rcheck --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
|
||||
````
|
||||
|
||||
#### Whois
|
||||
|
||||
````
|
||||
|
@ -102,3 +84,30 @@ $IPT -A INPUT -p tcp --dport 43 -i eth0 -m state --state NEW -m recent --set
|
|||
$IPT -A INPUT -p tcp --dport 43 -i eth0 -m state --state NEW -m recent --rcheck --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
|
||||
````
|
||||
|
||||
#### EPP
|
||||
|
||||
Iptables hitcounter is updated by application.
|
||||
|
||||
````
|
||||
#!/bin/bash
|
||||
# Inspired and credits to Vivek Gite: http://www.cyberciti.biz/faq/iptables-connection-limits-howto/
|
||||
IPT=/sbin/iptables
|
||||
# Registrar handler
|
||||
REGISTRAR_CODE="test"
|
||||
# Max connection in seconds
|
||||
SECONDS=60
|
||||
# Max connections per IP
|
||||
BLOCKCOUNT=100
|
||||
# default action can be DROP or REJECT or something else.
|
||||
DACTION="REJECT"
|
||||
$IPT -A INPUT -p tcp --dport 700 -i eth0 -m state --state NEW -m recent --set
|
||||
$IPT -A INPUT -p tcp --dport 700 -m recent --name $REGISTRAR_CODE --rdest --rcheck --hitcount ${BLOCKCOUNT} --seconds ${SECONDS} -j ${DACTION}
|
||||
````
|
||||
|
||||
After adding iptable counters, please add correct permissions to proc files at path /proc/net/xt_recent
|
||||
|
||||
Example command:
|
||||
|
||||
````
|
||||
sudo chown registry /proc/net/xt_recent/*
|
||||
````
|
||||
|
|