[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[elpa] externals/nftables-mode 16adfabcec 21/41: add reminder re IPv6 ra
From: |
Stefan Monnier |
Subject: |
[elpa] externals/nftables-mode 16adfabcec 21/41: add reminder re IPv6 ranges for SSH IPS |
Date: |
Mon, 23 May 2022 09:27:23 -0400 (EDT) |
branch: externals/nftables-mode
commit 16adfabcec88578dd590d0121ec54e4b5ebb3ff4
Author: Trent W. Buck <trentbuck@gmail.com>
Commit: Trent W. Buck <trentbuck@gmail.com>
add reminder re IPv6 ranges for SSH IPS
---
nftables-router.nft | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/nftables-router.nft b/nftables-router.nft
index de03904583..1ced5255b4 100644
--- a/nftables-router.nft
+++ b/nftables-router.nft
@@ -425,6 +425,10 @@ table inet my_filter {
##
## * postscreen covers smtp (25/tcp).
+ ## FIXME: per https://wiki.dovecot.org/Authentication/Penalty, we
+ ## should meter/block IPv6 sources by /48 instead of by single
address (as we do for IPv4).
+ ## Each corresponds to the typical allocation of a single ISP
subscriber.
+
chain my_IPS {
ct state != new return comment "Operate per-flow, not per-packet
(my_prologue guarantees this anyway)"
iiftype != ppp return comment "IPS only protects against attacks
from the internet"
- [elpa] externals/nftables-mode 70910dbc2a 35/41: Merge remote-tracking branch 'KB/master', (continued)
- [elpa] externals/nftables-mode 70910dbc2a 35/41: Merge remote-tracking branch 'KB/master', Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 109dfa382a 33/41: Remove "list ruleset" due to https://bugs.debian.org/982576, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 7f924acbac 37/41: basic README for github, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode a207b02bd6 40/41: Lightly edited, adding some of the normal conventions for .el files, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 1817c43fb9 02/41: Initial example nftables ruleset, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 242fae1e71 11/41: limit ICMP by type, tweak notes, expand on iif vs iifname, document "flush table" gotcha, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 794a6e6774 10/41: limit ICMP by type, tweak notes, expand on iif vs iifname, document "flush table" gotcha, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 8fcd04379c 08/41: bugfix and tweak, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode f00cf640fb 15/41: nftables - glob gotcha; HOW to rename ifaces; gateway (-i/-o) policy; mail reputation protection, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 6e908b1d67 17/41: Got the IPS working at last (inc IPv6), mua ha ha!, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 16adfabcec 21/41: add reminder re IPv6 ranges for SSH IPS,
Stefan Monnier <=
- [elpa] externals/nftables-mode 34ffd618ac 19/41: fixup! Got the IPS working at last (inc IPv6), mua ha ha!, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 166b789260 22/41: old comments, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 9bc4a6f589 25/41: Don't do "flush ruleset" (i.e. expect auxiliary tables w/ race conditions), Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 94f54f52ec 28/41: reference nftables ruleset, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 3fd8b3f79e 26/41: comment tweaks, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 760486c219 27/41: update note from sshguard, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 70b0e577a6 31/41: Debian doesn't have "pptp" in /etc/services, Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 20fa3d3a55 38/41: Oops, this was never under version control before., Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 869f14abf4 34/41: Initial import., Stefan Monnier, 2022/05/23
- [elpa] externals/nftables-mode 3a03651cda 39/41: Old changes that I forgot to commit, Stefan Monnier, 2022/05/23