authorSilvio Rhatto <rhatto@riseup.net>2013-01-19 16:49:25 -0200
committerSilvio Rhatto <rhatto@riseup.net>2013-01-19 16:49:25 -0200
commit72cdc0884266bf7151033405878834d18ce0c05c (patch)
treec9c49e425595979155b21f9c5412228fec23bfd9
parentf05b524d8cdac05b5672dd91d17ee474c306653b (diff)
downloadpuppet-nodo-72cdc0884266bf7151033405878834d18ce0c05c.tar.gz
puppet-nodo-72cdc0884266bf7151033405878834d18ce0c05c.tar.bz2
Moving ssl DoS mitigation snippets to firewall.pp
-rw-r--r--manifests/kvm.pp10
-rw-r--r--manifests/physical.pp10
-rw-r--r--manifests/subsystems/firewall.pp10
3 files changed, 10 insertions, 20 deletions
diff --git a/manifests/kvm.pp b/manifests/kvm.pp
index 2686cd8..b6e2c51 100644
--- a/manifests/kvm.pp
+++ b/manifests/kvm.pp
@@ -9,16 +9,6 @@ class nodo::kvm inherits nodo {
include resolver
include monkeysphere_nodo
- # SSL computational DoS mitigation
- # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
- $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
- '' => $firewall_global_ssl_ratelimit ? {
- '' => '-',
- default => $firewall_global_ssl_ratelimit,
- },
- default => $firewall_ssl_ratelimit,
- }
-
# Firewall configuration
include firewall
diff --git a/manifests/physical.pp b/manifests/physical.pp
index bb026d4..4a81e00 100644
--- a/manifests/physical.pp
+++ b/manifests/physical.pp
@@ -11,16 +11,6 @@ class nodo::physical inherits nodo {
class { 'syslog-ng': }
- # SSL computational DoS mitigation
- # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
- $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
- '' => $firewall_global_ssl_ratelimit ? {
- '' => '-',
- default => $firewall_global_ssl_ratelimit,
- },
- default => $firewall_ssl_ratelimit,
- }
-
# Firewall configuration
include firewall
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
index 949a81d..a43662f 100644
--- a/manifests/subsystems/firewall.pp
+++ b/manifests/subsystems/firewall.pp
@@ -2,6 +2,16 @@
class firewall {
class { 'shorewall': }
+ # SSL computational DoS mitigation
+ # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
+ $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
+ '' => $firewall_global_ssl_ratelimit ? {
+ '' => '-',
+ default => $firewall_global_ssl_ratelimit,
+ },
+ default => $firewall_ssl_ratelimit,
+ }
+
$rfc1918 = $shorewall_local_net ? {
true => true,
false => false,
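Review bot: The inner fallback `'' => '-'` means that when neither `$firewall_ssl_ratelimit` nor `$firewall_global_ssl_ratelimit` is set the result is the placeholder `-`, which presumably leaves the rate column empty, so the mitigation named in the comment is off by default and nothing here says so. I would add a line under the reference, such as `# Defaults to '-' (no rate limit): set $firewall_ssl_ratelimit or $firewall_global_ssl_ratelimit to enable`, so a host without either variable is not assumed to be protected. The value is also now assigned in the scope of `class firewall` rather than `nodo::kvm` and `nodo::physical`, and the right-hand side relies on an unqualified lookup of the same name. The rules that consume it are outside this hunk, and it is worth confirming they still resolve the variable from the new scope. The class body continues past the end of the hunk.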