Mark Smith ([staff profile] mark) wrote in [site community profile] changelog2010-04-08 02:29 pm

[dw-ops] iptables connlimit, droplist update, and nagios will re-notify every half hour

[commit: http://hg.dwscoalition.org/dw-ops/rev/505efe4190a2]

iptables connlimit, droplist update, and nagios will re-notify every half
hour

Patch by [personal profile] alierak.

Files modified:
  • nagios/conf.d/generics/host.cfg
  • nagios/conf.d/generics/service.cfg
  • puppet/modules/iptables/templates/dreamwidth.erb
  • puppet/modules/iptables/templates/spamhaus-drop.erb
--------------------------------------------------------------------------------
diff -r fc8ad434eb48 -r 505efe4190a2 nagios/conf.d/generics/host.cfg
--- a/nagios/conf.d/generics/host.cfg	Tue Oct 20 18:29:44 2009 +0000
+++ b/nagios/conf.d/generics/host.cfg	Thu Apr 08 14:29:44 2010 +0000
@@ -25,7 +25,7 @@ define host{
     retain_nonstatus_information    1       ; Retain non-status information across program restarts
     check_command                   check-host-alive
     max_check_attempts              10
-    notification_interval           0
+    notification_interval           30
     notification_period             always
     notification_options            d,u,r
     contact_groups                  admins
diff -r fc8ad434eb48 -r 505efe4190a2 nagios/conf.d/generics/service.cfg
--- a/nagios/conf.d/generics/service.cfg	Tue Oct 20 18:29:44 2009 +0000
+++ b/nagios/conf.d/generics/service.cfg	Thu Apr 08 14:29:44 2010 +0000
@@ -27,7 +27,8 @@ define service{
     process_perf_data               1       ; Process performance data
     retain_status_information       1       ; Retain status information across program restarts
     retain_nonstatus_information    1       ; Retain non-status information across program restarts
-    notification_interval           0       ; Only send notifications on status change by default.
+    ;notification_interval           0       ; Only send notifications on status change by default.
+    notification_interval           30
     is_volatile                     0
     check_period                    always
     normal_check_interval           5
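Review bot: The old setting is left behind as a commented-out line in the service template, still carrying its explanation, while the live `notification_interval 30` has no comment at all. Drop the dead line and document the new one, for example `notification_interval           30      ; Re-notify every 30 time units (minutes with the default interval_length) while the problem persists`. With re-notification enabled, unacknowledged problems will alert repeatedly, so it is worth confirming that operators acknowledge or escalate rather than learn to ignore the repeats. The `define service` block starts and ends outside the hunk.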
diff -r fc8ad434eb48 -r 505efe4190a2 puppet/modules/iptables/templates/dreamwidth.erb
--- a/puppet/modules/iptables/templates/dreamwidth.erb	Tue Oct 20 18:29:44 2009 +0000
+++ b/puppet/modules/iptables/templates/dreamwidth.erb	Thu Apr 08 14:29:44 2010 +0000
@@ -33,6 +33,9 @@
 -A OUTPUT -d <%= dropnet.chomp %> -j DROP
 <% end -%>
 
+# Per-host connection limit on port 80
+-A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
+
 <% end -%>
 # Accepts all established inbound connections
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
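Review bot: The new connlimit rule matches every TCP packet to port 80, not only connection attempts, and it sits ahead of the ESTABLISHED,RELATED accept rule. Once a source address holds more than 20 tracked connections, packets on its already-open connections would therefore appear to be dropped as well, stalling them until they time out. Restricting the match to SYNs limits only new connections: `-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP`. A /32 mask also counts every client behind one NAT or proxy address as a single host, so the comment should record why 20 was chosen. The rule is added inside a template conditional that opens outside the hunk, so which hosts receive it cannot be seen here.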
diff -r fc8ad434eb48 -r 505efe4190a2 puppet/modules/iptables/templates/spamhaus-drop.erb
--- a/puppet/modules/iptables/templates/spamhaus-drop.erb	Tue Oct 20 18:29:44 2009 +0000
+++ b/puppet/modules/iptables/templates/spamhaus-drop.erb	Thu Apr 08 14:29:44 2010 +0000
@@ -1,11 +1,11 @@ 110.44.0.0/20
+109.94.212.0/22
+109.95.112.0/22
 110.44.0.0/20
-115.166.64.0/19
 116.199.128.0/19
-117.103.40.0/21
-119.27.128.0/19
+117.104.168.0/22
 119.42.144.0/21
-120.143.128.0/21
 121.46.64.0/18
+128.168.0.0/16
 128.199.0.0/16
 132.232.0.0/16
 132.240.0.0/16
@@ -14,8 +14,10 @@ 138.43.0.0/16
 138.43.0.0/16
 139.167.0.0/16
 140.170.0.0/16
+143.135.0.0/16
 143.49.0.0/16
 148.178.0.0/16
+148.248.0.0/16
 150.141.0.0/16
 150.230.0.0/16
 152.147.0.0/16
@@ -24,36 +26,76 @@ 168.151.0.0/16
 168.151.0.0/16
 170.67.0.0/16
 187.16.192.0/19
-190.103.160.0/20
+188.130.250.0/23
+188.170.192.0/21
+188.170.216.0/21
+188.170.243.0/24
+188.210.240.0/20
+188.213.44.0/23
+188.240.0.0/20
+188.241.192.0/20
+188.241.194.0/23
+188.241.200.0/23
+188.241.202.0/23
+188.241.204.0/23
+188.241.249.0/24
 190.112.0.0/19
 192.160.44.0/24
+192.223.64.0/18
+192.26.25.0/24
+192.31.212.0/23
 192.43.153.0/24
 192.43.154.0/23
 192.43.156.0/22
 192.43.160.0/24
+192.43.175.0/24
+192.43.176.0/21
+192.43.184.0/24
 192.67.16.0/24
 192.86.85.0/24
+193.104.106.0/24
+193.104.110.0/24
+193.104.12.0/24
+193.104.153.0/24
+193.104.176.0/24
+193.104.22.0/24
+193.104.253.0/24
+193.104.27.0/24
+193.104.41.0/24
+193.104.94.0/24
+193.105.0.0/24
+193.105.141.0/24
+193.105.184.0/24
 193.110.136.0/24
 193.138.172.0/22
 193.142.244.0/24
 193.16.100.0/24
-193.19.120.0/23
+193.169.234.0/23
+193.169.250.0/23
 193.238.36.0/22
+193.27.246.0/23
 194.110.160.0/22
 194.116.146.0/23
 194.126.193.0/24
 194.143.130.0/23
 194.146.204.0/22
 194.165.4.0/23
+194.8.74.0/23
 195.114.8.0/23
+195.182.57.0/24
 195.225.176.0/22
 195.234.159.0/24
 195.238.242.0/24
+195.5.168.0/24
 195.74.88.0/23
+195.78.122.0/23
+195.88.190.0/23
+195.88.226.0/23
 195.88.32.0/23
-195.88.80.0/23
+195.93.184.0/23
+195.93.208.0/23
 195.95.151.0/24
-195.95.161.0/24
+195.95.155.0/24
 196.1.176.0/20
 196.32.216.0/21
 198.151.152.0/22
@@ -64,11 +106,14 @@ 199.166.200.0/22
 199.166.200.0/22
 199.245.138.0/24
 199.60.102.0/24
-200.14.120.0/21
+200.106.128.0/20
+200.115.112.0/21
+200.115.96.0/20
+200.123.224.0/20
+200.124.160.0/21
+200.22.0.0/16
 200.50.192.0/19
 201.71.0.0/20
-202.133.64.0/20
-202.6.176.0/20
 203.19.101.0/24
 203.31.88.0/23
 203.34.205.0/24
@@ -77,7 +122,6 @@ 204.13.32.0/21
 204.13.32.0/21
 204.236.0.0/19
 204.52.255.0/24
-204.86.116.0/22
 204.89.224.0/24
 205.210.137.0/24
 205.235.64.0/20
@@ -92,60 +136,104 @@ 208.82.136.0/21
 208.82.136.0/21
 208.84.96.0/21
 208.87.152.0/21
-209.145.192.0/18
+208.90.0.0/21
 209.165.224.0/20
 209.213.48.0/20
-213.181.80.0/20
+213.109.176.0/20
+213.109.208.0/20
+213.109.96.0/22
 216.243.240.0/20
 41.221.112.0/20
 58.83.12.0/22
 58.83.8.0/22
 62.122.32.0/21
+62.182.152.0/21
+64.15.0.0/20
 64.28.176.0/20
 66.206.32.0/22
 67.210.0.0/20
+67.211.208.0/20
 67.213.128.0/20
+67.218.208.0/20
 69.8.176.0/20
-69.80.0.0/17
+72.13.16.0/20
 72.2.176.0/20
 72.50.192.0/19
-74.112.184.0/22
 78.155.220.0/23
 78.157.128.0/19
+78.31.184.0/21
+79.110.16.0/20
 79.110.160.0/20
 79.110.176.0/20
-81.29.240.0/20
+79.110.48.0/20
+85.202.192.0/20
 85.255.112.0/20
 86.105.230.0/24
+88.135.64.0/20
+88.135.64.0/21
 88.214.211.0/24
 89.35.0.0/23
 91.196.232.0/22
+91.198.109.0/24
 91.199.112.0/24
+91.200.164.0/22
+91.200.248.0/22
+91.201.124.0/22
+91.201.196.0/22
+91.201.4.0/22
 91.203.92.0/22
+91.205.40.0/22
 91.207.116.0/23
 91.208.0.0/24
 91.208.162.0/24
+91.208.228.0/24
 91.209.14.0/24
+91.209.183.0/24
 91.209.184.0/24
 91.209.186.0/24
 91.209.48.0/24
 91.209.58.0/24
+91.210.172.0/22
+91.211.224.0/22
 91.211.64.0/22
 91.211.88.0/22
+91.212.107.0/24
 91.212.123.0/24
+91.212.132.0/24
+91.212.163.0/24
+91.212.201.0/24
+91.212.220.0/24
 91.212.45.0/24
 91.212.65.0/24
+91.213.121.0/24
 91.213.126.0/24
+91.213.174.0/24
 91.213.29.0/24
 91.213.33.0/24
-93.113.27.0/24
+91.213.72.0/24
+91.213.75.0/24
+91.213.93.0/24
+91.213.94.0/24
+93.118.0.0/20
 93.118.128.0/18
+93.118.96.0/20
+93.120.32.0/19
+93.168.18.0/23
+93.168.20.0/23
+93.168.22.0/23
+93.168.24.0/23
+93.175.240.0/20
 93.188.160.0/21
+94.126.176.0/21
+94.130.0.0/15
 94.154.0.0/18
 94.154.128.0/18
+94.154.64.0/18
+94.158.240.0/20
 94.232.248.0/21
-94.247.0.0/21
+94.48.0.0/18
 95.129.144.0/23
 95.129.146.0/24
+95.177.128.0/18
 95.215.192.0/22
-95.215.76.0/22
+95.216.0.0/15
--------------------------------------------------------------------------------