From 74adf4e3522aae8e59e12ebd942dca16c19bbeb7 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas <zobel@debian.org>
Date: Thu, 5 Aug 2010 14:17:59 +0200
Subject: [PATCH] try if we can have hightraffic rules

---
 modules/apache2/manifests/init.pp | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index 22a210790..5734650e8 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -162,10 +162,21 @@ class apache2 {
         description     => "http subchain",
         rule            => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider; saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing; mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }"
     }
-    @ferm::rule { "dsa-http":
-        prio            => "23",
-        description     => "Allow web access",
-        rule            => "proto tcp dport (http https) jump http;"
+    case $hostname {
+        sibelius,stabile: {
+            @ferm::rule { "dsa-http":
+                prio            => "23",
+                description     => "Allow web access",
+                rule            => "&SERVICE(tcp, (http https))"
+            }
+        }
+        default: {
+            @ferm::rule { "dsa-http":
+                prio            => "23",
+                description     => "Allow web access",
+                rule            => "proto tcp dport (http https) jump http;"
+            }
+        }
     }
     @ferm::rule { "dsa-http-v6":
         domain          => "(ip6)",
-- 
2.20.1