tunneldigger-broker: add rate-limit hook
authorPerry Melange <redacted>
Thu, 17 Aug 2023 20:45:19 +0000 (22:45 +0200)
committerNick Hainke <redacted>
Sun, 20 Aug 2023 00:25:27 +0000 (02:25 +0200)
Signed-off-by: Perry Melange <redacted>
net/tunneldigger-broker/files/hook-connection-rate-limit [new file with mode: 0755]

diff --git a/net/tunneldigger-broker/files/hook-connection-rate-limit b/net/tunneldigger-broker/files/hook-connection-rate-limit
new file mode 100755 (executable)
index 0000000..813c380
--- /dev/null
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+ENDPOINT_IP="$1"
+ENDPOINT_PORT="$2"
+UUID="$3"
+
+# This assumes that an ipset was created with something like
+# ```
+# ipset create create tunneldigger_blocked hash:ip family inet timeout 300
+# ```
+# and that a firewall rule like the following uses the ipset to block connections:
+# ```
+# -A INPUT -m set --match-set tunneldigger_blocked src -j DROP
+# ```
+
+#ipset add tunneldigger_blocked "$ENDPOINT_IP"
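Review bot: As committed this hook enforces nothing, because its only action, `#ipset add tunneldigger_blocked "$ENDPOINT_IP"`, is commented out; a comment above it should say that the line has to be enabled once the set and the firewall rule exist. The setup example repeats a word and would fail if pasted, so it should read `# ipset create tunneldigger_blocked hash:ip family inet timeout 300`. Once the add is enabled, `set -e` turns a repeat connection from an address already in the set into a non-zero hook exit; `ipset add -exist tunneldigger_blocked "$ENDPOINT_IP"` avoids that and resets the entry's timeout. The set is declared `family inet`, so an IPv6 endpoint address would presumably be rejected by `ipset add`, which is worth a comment if the broker can be reached over IPv6. `ENDPOINT_PORT` and `UUID` are assigned but never used, and nothing in the script needs bash, so `#!/bin/sh` would drop that dependency.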