author | Silvio Rhatto <rhatto@riseup.net> | 2013-01-19 16:49:25 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2013-01-19 16:49:25 -0200 |
commit | 72cdc0884266bf7151033405878834d18ce0c05c (patch) | |
tree | c9c49e425595979155b21f9c5412228fec23bfd9 | |
parent | f05b524d8cdac05b5672dd91d17ee474c306653b (diff) | |
Moving ssl DoS mitigation snippets to firewall.pp
-rw-r--r-- | manifests/kvm.pp | 10 | ||||
-rw-r--r-- | manifests/physical.pp | 10 | ||||
-rw-r--r-- | manifests/subsystems/firewall.pp | 10 |
3 files changed, 10 insertions, 20 deletions
diff --git a/manifests/kvm.pp b/manifests/kvm.pp index 2686cd8..b6e2c51 100644 --- a/manifests/kvm.pp +++ b/manifests/kvm.pp @@ -9,16 +9,6 @@ class nodo::kvm inherits nodo { include resolver include monkeysphere_nodo - # SSL computational DoS mitigation - # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html - $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? { - '' => $firewall_global_ssl_ratelimit ? { - '' => '-', - default => $firewall_global_ssl_ratelimit, - }, - default => $firewall_ssl_ratelimit, - } - # Firewall configuration include firewall diff --git a/manifests/physical.pp b/manifests/physical.pp index bb026d4..4a81e00 100644 --- a/manifests/physical.pp +++ b/manifests/physical.pp @@ -11,16 +11,6 @@ class nodo::physical inherits nodo { class { 'syslog-ng': } - # SSL computational DoS mitigation - # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html - $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? { - '' => $firewall_global_ssl_ratelimit ? { - '' => '-', - default => $firewall_global_ssl_ratelimit, - }, - default => $firewall_ssl_ratelimit, - } - # Firewall configuration include firewall diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp index 949a81d..a43662f 100644 --- a/manifests/subsystems/firewall.pp +++ b/manifests/subsystems/firewall.pp @@ -2,6 +2,16 @@ class firewall { class { 'shorewall': } + # SSL computational DoS mitigation + # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html + $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? { + '' => $firewall_global_ssl_ratelimit ? { + '' => '-', + default => $firewall_global_ssl_ratelimit, + }, + default => $firewall_ssl_ratelimit, + } + $rfc1918 = $shorewall_local_net ? { true => true, false => false, |
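Review bot: In the `manifests/subsystems/firewall.pp` hunk, the innermost fallback `'' => '-'` means a node with neither `$firewall_ssl_ratelimit` nor `$firewall_global_ssl_ratelimit` set gets what looks like Shorewall's empty-column placeholder, so the SSL DoS mitigation is presumably off by default, and the added comment does not say so. I would add a line above the selector such as `# '-' = no rate limit; the mitigation is only active when one of the two variables is set`, so an operator reading the manifest knows the protection is opt-in. Moving the assignment out of `nodo::kvm` and `nodo::physical` into `class firewall` also changes the scope that holds the normalised value, so any consumer that resolved it through the old classes would now see the raw, possibly empty, variable. The consumers are not visible in this diff and the class body continues past the hunk, so that should be checked against the templates or rules that read `$firewall_ssl_ratelimit`.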