tunneldigger-broker: add rate-limit hook

Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
2025-12-21 23:34:31 +04:00 · 2023-08-17 22:45:19 +02:00
parent 49cdf15da4
commit 0d1085fe9e
1 changed files with 17 additions and 0 deletions
--- a/net/tunneldigger-broker/files/hook-connection-rate-limit
+++ b/net/tunneldigger-broker/files/hook-connection-rate-limit
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+ENDPOINT_IP="$1"
+ENDPOINT_PORT="$2"
+UUID="$3"
+
+# This assumes that an ipset was created with something like
+# ```
+# ipset create create tunneldigger_blocked hash:ip family inet timeout 300
+# ```
+# and that a firewall rule like the following uses the ipset to block connections:
+# ```
+# -A INPUT -m set --match-set tunneldigger_blocked src -j DROP
+# ```
+
+#ipset add tunneldigger_blocked "$ENDPOINT_IP"