| side by side (parent:
8ce24eb
)
try if we can have hightraffic rules
author
Martin Zobel-Helas
<zobel@debian.org>
Thu, 5 Aug 2010 12:17:59 +0000
(14:17 +0200)
committer
Martin Zobel-Helas
<zobel@debian.org>
Thu, 5 Aug 2010 12:19:49 +0000
(14:19 +0200)
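--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -162,10 +162,21 @@ class apache2 {
  description => "http subchain",
  rule => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider; saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing; mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }"
  }
- @ferm::rule { "dsa-http":
- prio => "23",
- description => "Allow web access",
- rule => "proto tcp dport (http https) jump http;"
+ case $hostname {
+ sibelius,stabile: {
+ @ferm::rule { "dsa-http":
+ prio => "23",
+ description => "Allow web access",
+ rule => "&SERVICE(tcp, (http https))"
+ }
+ }
+ default: {
+ @ferm::rule { "dsa-http":
+ prio => "23",
+ description => "Allow web access",
+ rule => "proto tcp dport (http https) jump http;"
+ }
+ }
  }
  @ferm::rule { "dsa-http-v6":
  domain => "(ip6)",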
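Review bot: The `sibelius,stabile` branch swaps `jump http` for `&SERVICE(tcp, (http https))`, so on those two hosts IPv4 web traffic no longer passes through the `http` subchain in the context lines above. That subchain holds the per-source `hashlimit`/`recent` HTTPDOS limiting and the crawler limits, and nothing in the manifest records that skipping it is deliberate. What `&SERVICE` expands to is not visible in this hunk (presumably a plain accept), so a comment above the `case` should state the intent, e.g. `# high-traffic hosts: accept http/https directly, bypassing the 'http' rate-limit subchain`. The two `@ferm::rule { "dsa-http": ... }` declarations differ only in `rule`; choosing just the rule string in the `case` and declaring the resource once would keep `prio` and `description` from drifting apart. The `class apache2` body and the `dsa-http-v6` rule continue outside the hunk, so whether IPv6 on these hosts is handled the same way cannot be checked here.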