From aede84b8ff239f0583d9c86668e3e686ed536a73 Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Fri, 9 Mar 2018 14:54:43 +0800
Subject: security/pf: improve <bruteforce> overload rule

---
 host_vars/vultr | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'host_vars/vultr')

diff --git a/host_vars/vultr b/host_vars/vultr
index f6220ef..914a4d5 100644
--- a/host_vars/vultr
+++ b/host_vars/vultr
@@ -16,6 +16,12 @@ network:
     address: 2001:19f0:5:3166::c0f:fee
     prefixlen: 64
 
+pf:
+  # number of simulataneous connections allowed from one host
+  max_conn: 100
+  # rate of new connections allowed from one host
+  max_conn_rate: 15/5  # 15 of connections per 5 seconds
+
 domains:
   - name: liwt.net
     # sub-domains for which to request certificates
-- 
cgit v1.2.2