9d562c7188
Replace per-IP hashlimit with smarter filtering that distinguishes legitimate players from scanner bots based on packet behavior: - Players send varied packet sizes (53, 37, 1472 bytes) - Scanners only send 53-byte query packets New firewall rule chain: - Priority 2: Mark + ACCEPT non-query packets (verifies player) - Priority 3: ACCEPT queries from verified IPs (1 hour TTL) - Priority 4: LOG rate-limited queries from unverified IPs - Priority 5: DROP rate-limited queries (2 burst, then 1/hour) Also includes: - Fail2ban zomboid jail with tighter thresholds (5 retries/4h, 1w ban) - Graylog streams for zomboid-connections, zomboid-ratelimit, fail2ban - GeoIP pipeline enrichment for zomboid traffic - Fluent-bit inputs for ratelimit logs and fail2ban events - Remove Legendary Katana mod (Workshop 3418366499) - removed from Steam - Bump Immich to v2.5.0 - Fix fulfillr config (nil → null) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
10 lines
181 B
Plaintext
10 lines
181 B
Plaintext
[zomboid]
|
|
enabled = true
|
|
filter = zomboid
|
|
banaction = iptables-allports
|
|
backend = systemd
|
|
maxretry = 5
|
|
findtime = 4h
|
|
bantime = 1w
|
|
ignoreip = 127.0.0.1/32 192.168.1.0/24
|