From: Stephen Gran Date: Wed, 18 Aug 2010 21:50:31 +0000 (+0100) Subject: make http_limit opt-in rather than out X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=69f2e9fa33a96df43f1f5b83f6bca436b0666d31;p=mirror%2Fdsa-puppet.git make http_limit opt-in rather than out Signed-off-by: Stephen Gran --- diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp index b61b89a51..d90532d81 100644 --- a/modules/apache2/manifests/init.pp +++ b/modules/apache2/manifests/init.pp @@ -138,14 +138,7 @@ class apache2 { } case $hostname { - sibelius,stabile: { - @ferm::rule { "dsa-http": - prio => "23", - description => "Allow web access", - rule => "&SERVICE(tcp, (http https))" - } - } - default: { + busoni,byrd,duarte,holter,lindberg,master,merkel,powell,rore: { @ferm::rule { "dsa-http-limit": prio => "20", description => "limit HTTP DOS", @@ -212,6 +205,13 @@ class apache2 { rule => "proto tcp dport (http https) jump http;" } } + default: { + @ferm::rule { "dsa-http": + prio => "23", + description => "Allow web access", + rule => "&SERVICE(tcp, (http https))" + } + } } @ferm::rule { "dsa-http-v6": domain => "(ip6)",