Browse Source
feat(pillar.example,test/): add example and test for richrule ratelimit
Document and test the accept rate limiting of the rich rule. Signed-off-by: Arnaud Patard <apatard@hupstream.com>tags/v1.2.0
Arnaud Patard
3 years ago
14 changed files with 99 additions and 0 deletions
+ 8
- 0
pillar.example
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| ports: | ports: | ||||
| # {%- if grains['id'] == 'salt.example.com' %} | # {%- if grains['id'] == 'salt.example.com' %} | ||||
| - comment: salt-master | - comment: salt-master |
+ 7
- 0
test/integration/default/controls/zones_spec.rb
View File
| <source ipset="fail2ban-ssh" /> | <source ipset="fail2ban-ssh" /> | ||||
| <reject type="icmp-port-unreachable" /> | <reject type="icmp-port-unreachable" /> | ||||
| </rule> | </rule> | ||||
| <rule> | |||||
| <service name="http" /> | |||||
| <log prefix="http fw limit 3/m" level="warning"> | |||||
| <limit value="3/m"/> | |||||
| </log> | |||||
| <accept> <limit value="3/m"/></accept> | |||||
| </rule> | |||||
| </zone> | </zone> | ||||
| ZONE_XML | ZONE_XML | ||||
| end | end |
+ 7
- 0
test/integration/default/files/_mapdata/amazonlinux-2.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/arch-base-latest.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/centos-7.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/centos-8.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/debian-10.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/debian-9.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/fedora-31.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/fedora-32.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/opensuse-15.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/ubuntu-16.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/ubuntu-18.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
+ 7
- 0
test/integration/default/files/_mapdata/ubuntu-20.yaml
View File
| name: fail2ban-ssh | name: fail2ban-ssh | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| - accept: | |||||
| limit: "3/m" | |||||
| log: | |||||
| level: warning | |||||
| limit: "3/m" | |||||
| prefix: "http fw limit 3/m" | |||||
| service: http | |||||
| services: | services: | ||||
| - http | - http | ||||
| - https | - https |
Loading…