From: Perry Melange Date: Thu, 17 Aug 2023 20:45:19 +0000 (+0200) Subject: tunneldigger-broker: add rate-limit hook X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=0d1085fe9eae61d96ae69c80d3e44a9f36e21cb7;p=openwrt-packages.git tunneldigger-broker: add rate-limit hook Signed-off-by: Perry Melange --- diff --git a/net/tunneldigger-broker/files/hook-connection-rate-limit b/net/tunneldigger-broker/files/hook-connection-rate-limit new file mode 100755 index 000000000..813c38029 --- /dev/null +++ b/net/tunneldigger-broker/files/hook-connection-rate-limit @@ -0,0 +1,17 @@ +#!/bin/bash +set -e + +ENDPOINT_IP="$1" +ENDPOINT_PORT="$2" +UUID="$3" + +# This assumes that an ipset was created with something like +# ``` +# ipset create create tunneldigger_blocked hash:ip family inet timeout 300 +# ``` +# and that a firewall rule like the following uses the ipset to block connections: +# ``` +# -A INPUT -m set --match-set tunneldigger_blocked src -j DROP +# ``` + +#ipset add tunneldigger_blocked "$ENDPOINT_IP"
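Review bot: The sample command in the header comment of hook-connection-rate-limit repeats a word, `ipset create create tunneldigger_blocked hash:ip family inet timeout 300`, and fails if an operator copies it as written; it should read `ipset create tunneldigger_blocked hash:ip family inet timeout 300`. The only action in the script, `#ipset add tunneldigger_blocked "$ENDPOINT_IP"`, is commented out, so the installed hook does nothing until someone edits it. The comment should say so explicitly. Once that line is enabled, `set -e` makes the hook exit non-zero whenever the address is already in the set, because `ipset add` reports an error for an existing element; `ipset -exist add tunneldigger_blocked "$ENDPOINT_IP"` avoids that and also refreshes the entry's timeout. `ENDPOINT_PORT` and `UUID` are assigned but never used, so either drop them or note that they are kept for anyone extending the hook. Nothing in the script is bash-specific, so `#!/bin/sh` would work unless the package already depends on bash.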