On Thu, 01 Nov 2018, Noah Meyerhans wrote:
> It was pointed out on IRC that this is intentional, per
> https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/roles/manifests/snapshot_web.pp
>
> IMO blocking random (and large) chunks of EC2 is not a good idea, as the
> collateral impact is potentially huge. I'd like to suggest a more
> targeted way of throttling individual clients that doesn't have such
> broad impact. The iptables connlimit module comes to mind, but there are
> undoubtedly other options.
It's not random. Still, I agree that blocking large chunks is not
ideal.
We would welcome you working with us on finding actual rate limiting
configurations that work. So far, many have suggested but nobody has
actually delivered anything.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/
