+
+ # traffic shaping http traffic
+ #@ferm::rule { 'dsa-security-tracker-shape':
+ # table => 'mangle',
+ # chain => 'OUTPUT',
+ # rule => "proto tcp sport 443 MARK set-mark 20",
+ #}
+
+ file { '/usr/local/sbin/traffic-shape':
+ mode => '0755',
+ content => template('roles/security-tracker/traffic-shape'),
+ notify => Exec['/usr/local/sbin/traffic-shape'],
+ }
+ exec { '/usr/local/sbin/traffic-shape':
+ refreshonly => true
+ }