Add SSH brute force and ICMP flood limitting, other improvements

2019-08-27 05:35:14 +00:00
parent fea57842e7
commit 39b526a6a4
3 changed files with 59 additions and 52 deletions
--- a/roles/firewall/defaults/main.yaml
+++ b/roles/firewall/defaults/main.yaml
@ -35,8 +35,9 @@ firewall_allowed_udp_ports: {}
 firewall_log_limit: 3/min
 firewall_log_limit_burst: 10

-firewall_limit_seconds: 60
-firewall_limit_hitcount: 10
+firewall_limit_ssh: true
+firewall_limit_ssh_seconds: 60
+firewall_limit_ssh_hitcount: 10

 firewall_bogon_interface: "{{ ansible_default_ipv4.interface }}"