| -rw-r--r-- | etc/httpd.conf | 10 | ||||
| -rw-r--r-- | etc/pf.conf | 17 | ||||
| -rw-r--r-- | etc/pf.whitelist | 1 |
3 files changed, 28 insertions, 0 deletions
diff --git a/etc/httpd.conf b/etc/httpd.conf
index ad66d69..93551a3 100644
--- a/etc/httpd.conf
+++ b/etc/httpd.conf
@@ -7,6 +7,16 @@ server "iwakura.page" {
 }
 }
 
+server "iwakura.page" {
+ listen on * port 80
+ root "/htdocs/iwakura.page"
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+ block return 301 "https://iwakura.page$REQUEST_URI"
+}
+
 server "www.iwakura.page" {
 listen on 127.0.0.1 port 8080
 block return 301 "https://iwakura.page$REQUEST_URI"
diff --git a/etc/pf.conf b/etc/pf.conf
new file mode 100644
index 0000000..758a914
--- /dev/null
+++ b/etc/pf.conf
@@ -0,0 +1,17 @@
+# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
+#
+# See pf.conf(5) and /etc/examples/pf.conf
+set skip on lo
+table <bruteforce> persist
+table <whitelist> persist file "/etc/pf.whitelist"
+block return # block stateless traffic
+pass # establish keep-state
+block return in on ! lo0 proto tcp to port 6000:6010
+block return out log proto {tcp udp} user _pbuild
+block drop in quick from <bruteforce>
+pass in quick on egress from <whitelist> keep state
+pass in on egress proto tcp to port { 80 443 } \
+ keep state (max-src-conn 100, max-src-conn-rate 50/10, \
+ overload <bruteforce> flush global)
+
+pass in on egress proto tcp to port { 6667 6697 }
diff --git a/etc/pf.whitelist b/etc/pf.whitelist
new file mode 100644
index 0000000..23ab4e8
--- /dev/null
+++ b/etc/pf.whitelist
@@ -0,0 +1 @@
+RE.PL.AC.EME |
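Review bot: The server-level `block return 301` in the new port-80 block probably also covers the `/.well-known/acme-challenge/*` location, since that location sets neither `block` nor `pass` and httpd.conf(5) describes `pass` as the way to disable an earlier block inside a location. If so, challenge requests are redirected to HTTPS instead of being served from `/acme`, which only works while the HTTPS side serves the same path with a reachable listener. Either add `pass` inside the acme location or move the redirect into `location * { block return 301 "https://iwakura.page$REQUEST_URI" }`. The `root "/htdocs/iwakura.page"` line is unused on a redirect-only listener and can be dropped.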
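Review bot: The bare `pass` after `block return` keeps this ruleset default-allow, so the later `pass in` rules for ports `{ 80 443 }` and `{ 6667 6697 }` do not restrict what is reachable on egress. The only inbound restrictions are the 6000:6010 block and the `<bruteforce>` drop. If the intent is to expose only the listed services, change it to `pass out` and add an explicit rule for remote administration, for example `pass in on egress proto tcp to port ssh`, before loading it on a remote host. Separately, nothing in this file ages entries out of `<bruteforce>`, and several clients behind one NAT address can reach 50 connections in 10 seconds, so a periodic `pfctl -t bruteforce -T expire 86400` (interval constructed) is worth adding.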
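Review bot: The placeholder `RE.PL.AC.EME` is not an address or network pf can parse, and pf.conf loads this file through `table <whitelist> persist file "/etc/pf.whitelist"`, so `pfctl -f` will likely fail or attempt a name lookup until the line is replaced. Shipping the file with only a comment such as `# one address or CIDR per line` keeps the ruleset loadable and still documents the format. Whatever is added later bypasses every other rule via `pass in quick`, including the 6000:6010 block, so it should stay limited to single management addresses.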