security/pf: improve <bruteforce> overload rule

author: Aaron LI <aly@aaronly.me> 2018-03-09 14:54:43 +0800
committer: Aaron LI <aly@aaronly.me> 2018-03-14 11:35:08 +0800
commit: aede84b8ff239f0583d9c86668e3e686ed536a73 (patch)
tree: 3e15eee8f9f97fe31e4743b3fe2dce941a70770f /host_vars/vultr
parent: 7fed657b7728d36a8635695afc147ebd5dda0830 (diff)
download: ansible-dfly-vps-aede84b8ff239f0583d9c86668e3e686ed536a73.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/host_vars/vultr b/host_vars/vultr
index f6220ef..914a4d5 100644
--- a/host_vars/vultr
+++ b/host_vars/vultr
@@ -16,6 +16,12 @@ network:
     address: 2001:19f0:5:3166::c0f:fee
     prefixlen: 64
 
+pf:
+  # number of simulataneous connections allowed from one host
+  max_conn: 100
+  # rate of new connections allowed from one host
+  max_conn_rate: 15/5  # 15 of connections per 5 seconds
+
 domains:
   - name: liwt.net
     # sub-domains for which to request certificates
author	Aaron LI <aly@aaronly.me>	2018-03-09 14:54:43 +0800
committer	Aaron LI <aly@aaronly.me>	2018-03-14 11:35:08 +0800
commit	aede84b8ff239f0583d9c86668e3e686ed536a73 (patch)
tree	3e15eee8f9f97fe31e4743b3fe2dce941a70770f /host_vars/vultr
parent	7fed657b7728d36a8635695afc147ebd5dda0830 (diff)
download	ansible-dfly-vps-aede84b8ff239f0583d9c86668e3e686ed536a73.tar.bz2