From 74adf4e3522aae8e59e12ebd942dca16c19bbeb7 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas
Date: Thu, 5 Aug 2010 14:17:59 +0200
Subject: [PATCH] try if we can have hightraffic rules

---
 modules/apache2/manifests/init.pp | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index 22a210790..5734650e8 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -162,10 +162,21 @@ class apache2 {
 description => "http subchain",
 rule => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider; saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing; mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }"
 }
- @ferm::rule { "dsa-http":
- prio => "23",
- description => "Allow web access",
- rule => "proto tcp dport (http https) jump http;"
+ case $hostname {
+ sibelius,stabile: {
+ @ferm::rule { "dsa-http":
+ prio => "23",
+ description => "Allow web access",
+ rule => "&SERVICE(tcp, (http https))"
+ }
+ }
+ default: {
+ @ferm::rule { "dsa-http":
+ prio => "23",
+ description => "Allow web access",
+ rule => "proto tcp dport (http https) jump http;"
+ }
+ }
 }
 @ferm::rule { "dsa-http-v6":
 domain => "(ip6)",
-- 
2.20.1
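Review bot: In the `sibelius,stabile` branch the `dsa-http` rule becomes `&SERVICE(tcp, (http https))` and no longer jumps to the `http` chain, so on those two hosts the HTTPDOS `hashlimit`/`recent` throttling and the per-crawler limits visible in the context line above stop applying to IPv4 web traffic; `&SERVICE` is defined outside this hunk, so presumably it accepts without any per-source limit. If the exemption is intended, record it at the branch, e.g. `# high-traffic hosts: deliberately bypass the 'http' rate-limit chain`, and consider a dedicated chain with higher limits rather than none at all. The hostname list is hard-coded inside `class apache2`; a per-node variable or class parameter would keep the exemption visible where the node is declared and make it easier to audit which hosts run without throttling. As far as this hunk shows, the `http` subchain rule is still emitted on the exempt hosts but is never jumped to from the IPv4 rule, and the `dsa-http-v6` rule that follows continues outside the hunk, so its behaviour on these hosts should be checked for consistency.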