DDoS防护增加单IP TCP新连接速率黑名单

web/public/js/components/ns/ns-node-ddos-protection-config-box.js

@@ -10,6 +10,7 @@ Vue.component("ns-node-ddos-protection-config-box", {
 					maxConnections: 0,
 					maxConnectionsPerIP: 0,
 					newConnectionsRate: 0,
+					denyNewConnectionsRate: 0,
 					allowIPList: [],
 					ports: []
 				}
@@ -24,6 +25,7 @@ Vue.component("ns-node-ddos-protection-config-box", {
 				maxConnections: 0,
 				maxConnectionsPerIP: 0,
 				newConnectionsRate: 0,
+				denyNewConnectionsRate: 0,
 				allowIPList: [],
 				ports: []
 			}
@@ -89,6 +91,31 @@ Vue.component("ns-node-ddos-protection-config-box", {
 				<p class="comment">单个IP可以创建TCP新连接的速率。如果为0，则默认为{{defaultConfigs.tcpNewConnectionsRate}}；最小值为{{defaultConfigs.tcpNewConnectionsMinRate}}。</p>
 			</td>
 		</tr>
+		<tr>
+			<td>单IP TCP新连接速率黑名单</td>
+			<td>
+				<div class="ui fields">
+					<div class="ui field">
+						<div class="ui input right labeled">
+							<span class="ui label">超过</span>
+							<digit-input name="tcpDenyNewConnectionsRate" v-model="config.tcp.denyNewConnectionsRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpDenyNewConnectionsMinRate"></digit-input>
+							<span class="ui label">个新连接/每分钟</span>
+						</div>
+					</div>
+					<div class="ui field" style="line-height: 2.4em">
+						屏蔽
+					</div>
+					<div class="ui field">
+						<div class="ui input right labeled">
+							<digit-input name="tcpDenyNewConnectionsRateTimeout" v-model="config.tcp.denyNewConnectionsRateTimeout" maxlength="6" size="6" style="width: 5em"></digit-input>
+							<span class="ui label">秒</span>
+						</div>
+					</div>
+				</div>
+			
+				<p class="comment">单个IP可以如果在单位时间内创建的TCP连接数超过这个值，就自动加入到<code-label>nftables</code-label>黑名单中。如果为0，则默认为{{defaultConfigs.tcpDenyNewConnectionsRate}}；最小值为{{defaultConfigs.tcpDenyNewConnectionsMinRate}}；默认屏蔽{{defaultConfigs.tcpDenyNewConnectionsRateTimeout}}秒。</p>
+			</td>
+		</tr>
 		<tr>
 			<td>TCP端口列表</td>
 			<td>