[nftables] Add blackholes counters

monitoring.py

@@ -9,9 +9,9 @@ import time
 
 
 # CPU usage threshold in percent
-CPU_THRESHOLD = 35
+CPU_THRESHOLD = 50
 # Memory usage threshold in GB
-MEMORY_THRESHOLD = 2.75
+MEMORY_THRESHOLD = 3.25
 # Disk usage threshold in GB
 DISK_LOCAL_THRESHOLD = 25
 DISK_SMB_THRESHOLD = 120

roles/mailserver/templates/docker-compose.yaml

@@ -1,7 +1,7 @@
 services:  
   mailserver:
     container_name: mailserver
-    image: docker.io/stalwartlabs/mail-server:v0.9.3
+    image: docker.io/stalwartlabs/mail-server:v0.10.0
     restart: always
     user: "{{ users['mailserver'] }}:{{ users['mailserver'] }}"
     ports:

roles/nftables/templates/nftables.conf

@@ -41,15 +41,15 @@ table inet filter {
 		# Rate limiting
 		meta nfproto ipv4 meter ratelimit4 \
 			{ ip saddr limit rate over 75/second burst 15 packets } \
-			add @blackhole_ipv4 { ip saddr }
+			add @blackhole_ipv4 { ip saddr } counter
 		meta nfproto ipv6 meter ratelimit6 \
 			{ ip6 saddr limit rate over 75/second burst 15 packets } \
-			add @blackhole_ipv6 { ip6 saddr }
+			add @blackhole_ipv6 { ip6 saddr } counter
 		# Max concurrent connections
 		meta nfproto ipv4 meter connlimit4 \
-			{ ip saddr ct count over 100 } add @blackhole_ipv4 { ip saddr }
+			{ ip saddr ct count over 100 } add @blackhole_ipv4 { ip saddr } counter
 		meta nfproto ipv6 meter connlimit6 \
-			{ ip6 saddr ct count over 100 } add @blackhole_ipv6 { ip6 saddr }
+			{ ip6 saddr ct count over 100 } add @blackhole_ipv6 { ip6 saddr } counter
 
 		# Allow ICMP
 		meta l4proto icmp accept