site => 'security-tracker.debian.org',
content => template('roles/apache-security-tracker.debian.org.conf.erb')
}
+
+ # traffic shaping http traffic
+ @ferm::rule { 'dsa-security-tracker-shape':
+ table => 'mangle',
+ chain => 'OUTPUT',
+ rule => "proto tcp dport 443 MARK set-mark 20",
+ }
+
+ file { '/usr/local/sbin/traffic-shape':
+ mode => '0755',
+ content => template('roles/security-tracker/traffic-shape'),
+ notify => Exec['/usr/local/sbin/traffic-shape'],
+ }
+ exec { '/usr/local/sbin/traffic-shape':
+ refreshonly => true
+ }
}