Use ipsets for the firewall

2022-08-30 07:22:53 -05:00
parent 2fdf1d7a25
commit 621ae59e63
8 changed files with 235 additions and 111 deletions
--- a/roles/firewall/defaults/main.yaml
+++ b/roles/firewall/defaults/main.yaml
@ -2,6 +2,7 @@
 firewall_iptables_rules_v4: /etc/iptables/rules.v4-tmp
 firewall_iptables_rules_v6: /etc/iptables/rules.v6-tmp

+firewall_ipset: /etc/iptables/ipset-tmp
 firewall_ipset_v4: /etc/iptables/ipset.v4-tmp
 firewall_ipset_v6: /etc/iptables/ipset.v6-tmp

@ -68,7 +69,7 @@ firewall_log_limit: 3/min
 firewall_log_limit_burst: 10

 firewall_limit_ssh: true
-firewall_limit_ssh_seconds: 60
+firewall_limit_ssh_seconds: 600
 firewall_limit_ssh_hitcount: 10

 firewall_bogon_interface: "{{ ansible_default_ipv4.interface }}"