make http_limit opt-in rather than out
authorStephen Gran <steve@lobefin.net>
Wed, 18 Aug 2010 21:50:31 +0000 (22:50 +0100)
committerStephen Gran <steve@lobefin.net>
Wed, 18 Aug 2010 21:50:31 +0000 (22:50 +0100)
Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/apache2/manifests/init.pp

index b61b89a..d90532d 100644 (file)
@@ -138,14 +138,7 @@ class apache2 {
     }
 
     case $hostname {
-        sibelius,stabile: {
-            @ferm::rule { "dsa-http":
-                prio            => "23",
-                description     => "Allow web access",
-                rule            => "&SERVICE(tcp, (http https))"
-            }
-        }
-        default: {
+        busoni,byrd,duarte,holter,lindberg,master,merkel,powell,rore: {
             @ferm::rule { "dsa-http-limit":
                 prio            => "20",
                 description     => "limit HTTP DOS",
@@ -212,6 +205,13 @@ class apache2 {
                 rule            => "proto tcp dport (http https) jump http;"
             }
         }
+        default: {
+            @ferm::rule { "dsa-http":
+                prio            => "23",
+                description     => "Allow web access",
+                rule            => "&SERVICE(tcp, (http https))"
+            }
+        }
     }
     @ferm::rule { "dsa-http-v6":
         domain          => "(ip6)",