make http_limit opt-in rather than out

author Stephen Gran <steve@lobefin.net>

Wed, 18 Aug 2010 21:50:31 +0000 (22:50 +0100)

committer Stephen Gran <steve@lobefin.net>

Wed, 18 Aug 2010 21:50:31 +0000 (22:50 +0100)
author Stephen Gran <steve@lobefin.net>
Wed, 18 Aug 2010 21:50:31 +0000 (22:50 +0100)
committer Stephen Gran <steve@lobefin.net>
Wed, 18 Aug 2010 21:50:31 +0000 (22:50 +0100)
diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp

index b61b89a..d90532d 100644 (file)
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -138,14 +138,7 @@ class apache2 {
      }
  
      case $hostname {
-        sibelius,stabile: {
-            @ferm::rule { "dsa-http":
-                prio            => "23",
-                description     => "Allow web access",
-                rule            => "&SERVICE(tcp, (http https))"
-            }
-        }
-        default: {
+        busoni,byrd,duarte,holter,lindberg,master,merkel,powell,rore: {
              @ferm::rule { "dsa-http-limit":
                  prio            => "20",
                  description     => "limit HTTP DOS",
@@ -212,6 +205,13 @@ class apache2 {
                  rule            => "proto tcp dport (http https) jump http;"
              }
          }
+        default: {
+            @ferm::rule { "dsa-http":
+                prio            => "23",
+                description     => "Allow web access",
+                rule            => "&SERVICE(tcp, (http https))"
+            }
+        }
      }
      @ferm::rule { "dsa-http-v6":
          domain          => "(ip6)",
author	Stephen Gran <steve@lobefin.net>
	Wed, 18 Aug 2010 21:50:31 +0000 (22:50 +0100)
committer	Stephen Gran <steve@lobefin.net>
	Wed, 18 Aug 2010 21:50:31 +0000 (22:50 +0100)