I use the Puppet Iptables module to manage iptables rules on my machine. I'd like to implement rate limiting of failed SSH connections as described here:

iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 5 --name SSH --rsource -j DROP 
iptables -A INPUT -p tcp --dport 22 -m recent --set --name SSH --rsource -j ACCEPT 

Is it possible to translate it to Puppet syntax, such as

firewall { '015 drop 5 failed attempts to connect to SSH in a minute':
   proto   => 'tcp',
   port    => 22,
   action  => 'drop',
   # what are the other parameters?
}
geoffroy

The puppetlabs-firewall module tries hard to support all iptables arguments. The recent-specific arguments are prefixed with a single r, e.g. rseconds instead of --seconds.

Try

firewall { '015 drop 5 failed attempts to connect to SSH in a minute':
    proto     => 'tcp',
    port      => 22,
    action    => 'drop',
    recent    => 'update',
    rseconds  => '60',
    rhitcount => '5',
    rname     => 'SSH',
    rsource   => true,
}
Felix Frank