[dw-ops] Implement Spamhaus DROP list
[commit: http://hg.dwscoalition.org/dw-ops/rev/5ce5fa81e4cf]
http://bugs.dwscoalition.org/show_bug.cgi?id=1319
Spamhaus drop list needed only on machines with ports open
Patch by alierak.
Files modified:
- puppet/modules/iptables/templates/dreamwidth.erb
-------------------------------------------------------------------------------- diff -r dec97ed3ad7d -r 5ce5fa81e4cf puppet/modules/iptables/templates/dreamwidth.erb --- a/puppet/modules/iptables/templates/dreamwidth.erb Wed Jul 15 06:26:12 2009 +0000 +++ b/puppet/modules/iptables/templates/dreamwidth.erb Thu Jul 16 22:52:17 2009 +0000 @@ -62,6 +62,7 @@ -A INPUT -s 10.176.74.79 -j ACCEPT -A INPUT -s 10.176.74.80 -j ACCEPT +<% if has_variable?("allowed_ports") && !allowed_ports.empty? -%> # Discards all traffic to/from netblocks on Spamhaus drop list # ( see http://www.spamhaus.org/drop/ ) <% droplist = scope.function_template('iptables/spamhaus-drop.erb'); @@ -70,6 +71,7 @@ -A OUTPUT -d <%= dropnet.chomp %> -j DROP <% end -%> +<% end -%> # Accepts all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT --------------------------------------------------------------------------------
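Review bot: In the first hunk (@@ -62,6 +62,7), the guard `<% if has_variable?("allowed_ports") && !allowed_ports.empty? -%>` fails open: a host where `allowed_ports` is unset or empty gets none of the Spamhaus DROP rules, and nothing in the rendered ruleset shows that the block was skipped. The comment directly under the guard still reads "Discards all traffic to/from netblocks on Spamhaus drop list" without mentioning the condition. Consider adding a comment line at the guard stating that the block is emitted only when `allowed_ports` is non-empty, and why, so a later reader does not assume the drop list is applied on every host.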
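Review bot: In the second hunk (@@ -70,6 +71,7), the new `<% end -%>` closes the guard after the loop's `-A OUTPUT -d <%= dropnet.chomp %> -j DROP` rule, so the egress rule is skipped together with the rest of the block. The commit message justifies the change by open ports, which is an inbound concern; hosts without `allowed_ports` will no longer have outbound traffic to DROP-listed netblocks discarded by this block. If that is intended, say so in the template comment; otherwise keep the OUTPUT rule outside the guard. The two consecutive `<% end -%>` lines would also be easier to follow with a comment marking which one closes the `if`.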