stop using virtual resources for ferm::rule

[mirror/dsa-puppet.git] / modules / roles / manifests / snapshot_web.pp

diff --git a/modules/roles/manifests/snapshot_web.pp b/modules/roles/manifests/snapshot_web.pp
index 26cd485..bcaa705 100644 (file)
--- a/modules/roles/manifests/snapshot_web.pp
+++ b/modules/roles/manifests/snapshot_web.pp
@@ -42,7 +42,7 @@ class roles::snapshot_web {
        #  90.44.107.223
        #  195.154.173.12
        #  74.121.137.108
-       @ferm::rule { 'dsa-snapshot-abusers':
+       ferm::rule { 'dsa-snapshot-abusers':
                prio  => "005",
                rule  => "saddr (61.69.254.110 18.128.0.0/9 3.120.0.0/14 35.156.0.0/14 52.58.0.0/15 99.137.191.34 51.15.215.91 208.91.68.213 198.11.128.0/18 159.226.95.0/24 84.204.194.0/24 211.13.205.0/24 63.32.0.0/14 54.72.0.0/15 95.115.66.23 52.192.0.0/11 54.72.0.0/15 34.192.0.0/10 34.240.0.0/13 52.192.0.0/11 90.44.107.223 195.154.173.12 74.121.137.108) DROP",
        }
@@ -74,7 +74,7 @@ class roles::snapshot_web {
                }
        }
 
-       @ferm::rule { 'dsa-snapshot-connlimit':
+       ferm::rule { 'dsa-snapshot-connlimit':
                domain => '(ip ip6)',
                prio  => "005",
                rule  => "proto tcp mod state state (NEW) interface ! lo daddr (${ipv4addr} ${ipv6addr})  mod multiport destination-ports (80 443) mod connlimit connlimit-above 3 DROP;
@@ -84,7 +84,7 @@ class roles::snapshot_web {
 
        # varnish cache
        ###############
-       @ferm::rule { 'dsa-nat-snapshot-varnish-v4':
+       ferm::rule { 'dsa-nat-snapshot-varnish-v4':
                table => 'nat',
                chain => 'PREROUTING',
                rule  => "proto tcp daddr ${ipv4addr} dport 80 REDIRECT to-ports 6081",