Changed UFW from Allow to Limit for inbound connection throttling

setup/functions.sh

@@ -132,6 +132,14 @@ function ufw_allow {
 	fi
 }
 
+# Adds a limit rule allowing 6 in 30 sec
+function ufw_limit {
+	if [ -z "$DISABLE_FIREWALL" ]; then
+		# ufw has completely unhelpful output
+		ufw limit $1 > /dev/null;
+	fi
+}
+
 function restart_service {
 	hide_output service $1 restart
 }

setup/mail-dovecot.sh

@@ -200,11 +200,11 @@ mkdir -p $STORAGE_ROOT/mail/sieve/global_after
 chown -R mail.mail $STORAGE_ROOT/mail/sieve
 
 # Allow the IMAP/POP ports in the firewall.
-ufw_allow imaps
+ufw_limit imaps
-ufw_allow pop3s
+ufw_limit pop3s
 
 # Allow the Sieve port in the firewall.
-ufw_allow sieve
+ufw_limit sieve
 
 # Restart services.
 restart_service dovecot

setup/system.sh

@@ -229,7 +229,7 @@ if [ -z "$DISABLE_FIREWALL" ]; then
 	apt_install ufw
 
 	# Allow incoming connections to SSH.
-	ufw_allow ssh;
+	ufw_limit ssh;
 
 	# ssh might be running on an alternate port. Use sshd -T to dump sshd's #NODOC
 	# settings, find the port it is supposedly running on, and open that port #NODOC
@@ -239,7 +239,7 @@ if [ -z "$DISABLE_FIREWALL" ]; then
 	if [ "$SSH_PORT" != "22" ]; then
 
 	echo Opening alternate SSH port $SSH_PORT. #NODOC
-	ufw_allow $SSH_PORT #NODOC
+	ufw_limit $SSH_PORT #NODOC
 
 	fi
 	fi

setup/web.sh

@@ -106,6 +106,6 @@ restart_service nginx
 restart_service php5-fpm
 
 # Open ports.
-ufw_allow http
+ufw_limit http
-ufw_allow https
+ufw_limit https